Junior SecOps Engineer

We are looking for a Junior SecOps Engineer to strengthen our Security Operations team in Brno. This is a hybrid role combining incident response (Tier 1/2) with automation, detection engineering and SOC optimisation. You will not only investigate security incidents end-to-end but also actively improve how our SOC operates - through automation, integration and smarter detections. If you enjoy working with modern SOC technologies, cloud security and building efficient security operations, this role is for you.

What you can look forward to:

• Working hands-on with modern SIEM platforms, with focus on Microsoft Sentinel as well as Splunk and QRadar
• Designing, building and tuning detections using KQL or SPL
• Daily interaction with Microsoft Defender XDR stack and other EDR/XDR tools such as Defender for Endpoint, CrowdStrike or SentinelOne
• Investigating security incidents end-to-end, from triage and deep analysis (Tier 1/2) to containment and remediation
• Actively contributing to threat hunting, detection engineering and noise reduction
• Automating security operations using Python and/or PowerShell
• Designing and integrating workflows using REST APIs, JSON and Microsoft Graph API
• Working in a cloud-first environment in Azure including tenant management (Entra ID / Azure AD)
• Using DevOps practices such as Git, CI/CD pipelines and automation with Azure Logic Apps and Azure Functions
• Applying MITRE ATT&CK and Cyber Kill Chain frameworks in real-world scenarios
• Working with a wide range of log sources (Windows Event Logs, Firewall, Proxy, Syslog, CEF/ECS)
• Contributing to SIEM/SOAR architecture, including data normalization, log parsing and secure API orchestration

Key Requirements:

• Strong analytical mindset and data-driven approach (log analysis, anomaly detection)
• Excellent knowledge of TCP/IP, DNS, HTTP/S and Windows/Linux internals (processes, services, registry, Active Directory)
• Hands-on experience with Microsoft Sentinel (SIEM) and Microsoft Defender (XDR stack)
• Experience with SIEM tools (Sentinel, Splunk, QRadar) and detection development using KQL or SPL
• Experience with EDR/XDR tools (Defender for Endpoint, CrowdStrike, SentinelOne)
• Practical scripting skills in Python or PowerShell and experience with REST APIs, JSON and Microsoft Graph API
• Experience with Azure cloud including tenant management (Entra ID / Azure AD) and automation using Logic Apps or Azure Functions
• Familiarity with DevOps practices such as Git and CI/CD pipelines
• Good knowledge of MITRE ATT&CK, Cyber Kill Chain and common log formats
• Understanding of SIEM/SOAR architecture, data normalization, log parsing and API-based integrations
• Ability to work independently and collaborate within a SOC team
• Fluency in both English and Czech

Advantages:

• Security certifications such as CompTIA CySA+, SecurityX ECSS or Blue Team Level 1/2
• Microsoft certifications (SC-200 / SC-900)
• Experience with TryHackMe or similar platforms
• Certified Junior Detection Engineer (CJDE)
• Exposure to AI-driven security approaches (SecAI or similar)

Why Axians?

• We are an international, yet local brand, built on real values. Everybody knows each other, and it feels good to come to the office – even after a holiday or on Mondays. All of our colleagues are happy to help and pass on their experience. As will you. #sharingiscaring
• Flexible working hours
• 5 weeks of vacation + 3 extra days off
• Employee stock shares program
• Meal allowance 75 CZK/day
• Gradually increasing contribution to pension/life insurance or LTIP (DIP): 1000 CZK after 1 year, 2000 CZK after 2 years, and 3000 CZK after 4 years
• Language courses, individual training and development plan, use of internal talents for new projects
• Hedepy online therapy
• Monthly breakfasts
• Dog-friendly Brno office with a gym underneath
• Multisport Card for sports enthusiasts
• Cafeteria