Our Mission and Vision At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.
We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board.
We’re building the #1 payment orchestrator in the world — and the names behind us prove it. Clients include Bolt, Ajax, Nova Post, MEGOGO. Trusted by giants like J.P. Morgan. Ranked #2 in the “Employer of the Year 2026” award by Forbes Ukraine. Why This Role Is Critical Solidgate processes millions of payments across 120+ services, including its own acquiring module, and operates in a regulated environment with real cardholder data and SWIFT connectivity. You’ll define what detection looks like at Solidgate: what gets monitored, what gets detected, and how the team responds when something goes wrong. What You Will Own * Build and operationalize the SIEM from PoC to production — including case management and UEBA, with full ownership of the technology selection * Design, write, and tune detection rules mapped to MITRE ATT&CK, covering identity compromise, privilege escalation, lateral movement, and endpoint threats * Triage and investigate L2/L3 alerts, reduce false positives, and establish clear escalation paths for each use case * Lead incident response and basic forensics — containment, eradication, and structured lessons learned * Onboard log sources across AWS, JumpCloud, Google Workspace, CDE, and SWIFT; * Run threat hunts based on realistic attack hypotheses specific to a payment platform’s risk profile * Build and maintain runbooks and playbooks; automate repetitive actions via SOAR or scripting * Define SOC metrics and own monthly reporting to management on detection coverage and response performance
Our Ideal Candidate * 3+ years in SOC / Detection & Response at L2/L3 level, with hands-on investigation experience * Practical experience building or operating a SIEM, including writing and tuning detection rules * Detection engineering with MITRE ATT&CK mapping; confident with KQL, SPL, or equivalent query languages * Experience investigating cloud log sources: AWS CloudTrail, GuardDuty, Google Workspace, EDR/XDR * Scripting and automation skills (Python or similar) for telemetry processing and routine tasks * Solid understanding of attacker techniques and how they manifest in logs — not just tool knowledge, but threat understanding * Structured under pressure: disciplined investigation process, clear documentation, clean post-mortems
The Points That Make You Stand Out * SOAR experience and a detection-as-code approach (version control for rules, CI pipelines for detection) * UEBA, threat intelligence enrichment, or alert contextualization at scale * Familiarity with payment-specific environments — CDE monitoring, SWIFT, PCI DSS context * Purple teaming experience working alongside an offensive security team
Why This Role Is a Career Accelerator * You’ll own the Security Operations direction at Solidgate — this isn’t a slot in someone else’s SOC, it’s yours to build * Real data, real threats — a fintech processing millions of transactions is a genuinely complex detection environment, not a sandbox * You’ll choose the stack: SIEM, SOAR, detection framework — your decisions will shape how Solidgate detects threats for years * Direct path to leading the SOC function and growing the team as the company scales * Hands-on experience at the intersection of cloud-native infrastructure, IR, and detection engineering in a regulated environment — a combination rare outside large enterprises
Why Join Solidgate * Impactful work: you’re monitoring and defending financial infrastructure that processes millions of real payments. What you detect and respond to directly affects the company’s risk profile and the businesses relying on the platform. * Creative freedom: the SOC is greenfield. No inherited SIEM, no legacy detection rules, no alert fatigue from someone else’s misconfigured use cases. You build the detection stack from scratch and own every decision in it. * Career growth: a realistic path to leading the Security Operations function within 6-12 months, with direct collaboration with a CISO who came up through the technical side. Want to go deeper into cloud detection, threat intelligence, or automation? That door is open. * Ownership culture: you own the detection lifecycle end to end — log onboarding, use case design, triage, response, and reporting. No hand-offs, no findings that disappear into a backlog. * People worth working with: a senior InfoSec team that takes security seriously and treats detection gaps as engineering problems worth solving. Smart, experienced teammates who raise the bar and actually have each other’s backs.
The Extras: 30+ days off, unlimited sick leave, free office meals, health coverage, and Apple gear to keep you productive. Courses, conferences, sports and wellness benefits — all designed for ideas, focus, and fun.
Security at scale is rare to build from scratch. This is that chance
Know top talent? We’re always on the lookout. Recommend someone for our role, and if they get hired, there’s a bonus waiting for you — simple as that.
Відгукнутись на вакансію
Job ID:
172639
Требуемые навыки:
Ajax, Cloud, Python
Зарплата:
Регион:
Київ, Львів, Варшава (Польща), Нікосія (Кіпр), віддалено
