Senior Security Operations Engineer

Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally, from rapidly growing startups to some of the world's largest enterprises. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion. Apollo.io provides sales and marketing teams with easy access to verified contact data for over 210 million B2B contacts and 35 million companies worldwide, along with tools to engage and convert these contacts in one unified platform. By helping revenue professionals find the most accurate contact information and automating the outreach process, Apollo.io turns prospects into customers. Apollo raised a series D in 2023 and is backed by top-tier investors, including Sequoia Capital, Bain Capital Ventures, and more, and counts the former President and COO of Hubspot, JD Sherman, among its board members. **This is a Permanent role ("Umowa o pracę") and not a B2B contract** Role Overview The Security Operations Engineer is a senior individual contributor responsible for detecting, investigating, and responding to security threats across Apollo’s cloud-native and SaaS environments. This role requires strong technical depth, independent judgment, and ownership of complex security investigations from intake through resolution. This role operates in a fully remote environment and emphasizes clear written communication, operational rigor, and effective collaboration. Key Responsibilities Incident Detection, Investigation Response Monitor, triage, and investigate security alerts and events across cloud infrastructure, SaaS applications, and corporate systems. Conduct end-to-end security investigations, including scoping, containment, eradication, recovery, and documentation. Own investigations independently while collaborating effectively during high-severity incidents. SIEM, Detection Workflow Engineering Configure and maintain SIEM detections in Panther , including use cases, correlation rules, alert logic, and tuning. Onboard, validate, and maintain log sources to ensure visibility, accuracy, and reliability. Design and improve investigation and response workflows to streamline triage, escalation, and resolution. Leverage AI-assisted tools to accelerate alert analysis, enrichment, and investigation efficiency. Threat Hunting Proactive Security Perform proactive threat-hunting activities to identify malicious or anomalous behavior not surfaced by existing detections. Investigate abuse, fraud, account compromise, and automation misuse scenarios in close collaboration with Fraud teams. Identify detection gaps and propose, implement, and validate improvements. Automation, Coding Tooling Build scripts, automations, and tools to reduce manual work and improve response speed and consistency. Use Python extensively for analysis, automation, and internal tooling; Ruby experience is a plus. Contribute to internal detection frameworks, tooling, and shared libraries. Documentation Continuous Improvement Produce clear, high-quality documentation for incidents, investigations, and post-incident reviews. Contribute to runbooks, playbooks, and operational standards. Share knowledge, review peer work, and mentor other engineers. Required Skills Experience 4+ years of experience in Security Operations or Incident Response. Hands-on experience with SIEM platforms (experience with Panther is highly valued), log analysis, and detection engineering. Experience investigating security incidents in cloud-native environments ( GCP preferred; AWS and Azure also relevant) and SaaS applications. Experience automating security workflows and investigations. Proficiency in Python ; familiarity with Ruby preferred. Ability to operate independently, prioritize effectively, and make sound technical decisions under pressure. Preferred Qualifications Experience us ... (truncated, view full listing at source)