Join our Security Operations team as a Security Operations Engineer, combining software engineering skills with deep threat understanding and signal engineering expertise.

You will write production code to design detection logic, build automated security workflows, and create the observability platform that enables the Security department to operate at scale while protecting Aily’s infrastructure from real threats. As a key ally to all security teams, you will collaborate closely across the department to build the automation infrastructure that multiplies everyone’s impact

Role
As a Security Operations Engineer, you will be a software engineer and defender, someone who writes production-quality code to solve security problems while deeply understanding the threats we face. You will work as a key ally to all security teams across the department, building the observability and automation infrastructure that enables everyone to work more effectively.

We are looking for candidates with deep expertise in at least 2 of the areas below:

Detection Engineering & Threat Understanding:

• Understand attacker tactics, techniques, and procedures deeply enough to design detection strategies that identify real threats, misconfigurations, policy violations, and anomalies across complex environments.
• Know how to write detection logic, tune detection systems, and continuously improve true
positive rates.
• Expert at defining what matters in security, distinguishing signal from noise
• Understand how to translate threat intelligence and attacker behaviors into actionable detection and response strategies.
• Think in terms of detection workflows, from initial alert through investigation to resolution
and can design effective patterns that balance automation with human judgment.
• Can build detection content that operates across diverse data sources (cloud, applications, infrastructure, identity, endpoints).

Security Platform Building & Automation:

• Understand how to build security platforms that process and correlate data from across
modern technology stacks.
• Know how to design systems that ingest telemetry from diverse sources and make it queryable, actionable, and contextually rich.
• Can build data pipelines that handle security telemetry at scale.
• Understand how to design intelligent automation that eliminates repetitive work while main taining high-quality security outcomes
• Know when to automate fully, when to keep humans in the loop, and how to design escalation patterns for complex decisions
• Have experience building security automation, orchestration workflows, or detection systems.

Security Operations & Incident Response:

• Understand modern security operations, including incident response, alert triage, threat
hunting, and remediation.
• Know how to operate in a SOC environment and have experience investigating security
incidents.
• Understand the full incident lifecycle from detection through containment to post-incident
analysis.
• Can design response playbooks and automated remediation workflows
• Think holistically across the security domain endpoint, cloud, vulnerability management,
compliance, and governance.
• Have experience with SIEM, SOAR, EDR, or other security operations tools

Experience: 2-4 years as a security operations engineer, detection engineer, SOC analyst, or similar role building and operating security systems, OR equivalent demonstrated skills in detection engineering and security automation.

If you have strong skills but less experience, we encourage you to apply. We value your ability to build quality solutions and think in systems over the years in the role.

Must-Have Skills:
• Strong systems thinking and ability to design technical systems that solve security prob-
lems at scale
• Software engineering mindset - You write production-quality code to build security solutions, not just script or configure existing tools
• Ability to articulate complex technical concepts clearly and collaborate effectively with
cross-functional teams across the Security department
• Detection engineering experience - You’ve designed detection logic, tuned detection systems, or built security monitoring capabilities
• Threat understanding - You understand attacker TTPs and can translate threat intelligence into actionable detections
• Security operations experience - You’ve worked in incident response, alert triage, or threat hunting
• Cloud security experience - Experience with any major cloud provider (we use AWS); understanding of Kubernetes, containers, and cloud-native architectures
• Coding proficiency - Language agnostic, but you write clean, maintainable code (we primarily use Python)
• Data pipeline or telemetry experience - You understand how to work with large volumes
of security data

Working Style:
• Collaboration as a key ally: You work closely with all security teams, Platform Security,
Product Security, GRC, and Corporate Security, building infrastructure and automation that multiplies their impact
• End-to-end ownership: You own your projects from design through deployment and maintenance.
• Independence with collaboration: You can work independently on technical initiatives
while maintaining strong partnerships across the department
• Quality-driven: You care deeply about building detection logic that works, reliable automation, and systems that operate effectively.

AI-First Mindset: You’ll leverage AI tools daily to maximize your efficiency and impact.
Ownership: You’ll own your domain end-to-end. Your scope of ownership will be smaller
or larger depending on your level, but you’re expected to own it completely—from design to delivery to maintenance. If you prefer to be told what to do, this isn’t the right environment for you.

Nice to Have
• Experience with SIEM platforms (Splunk, Elastic, Sentinel, Chronicle) or SOAR platforms
• Experience building custom security automation or orchestration workflows
• Familiarity with graph databases, semantic data models, or knowledge graphs
• Understanding of compliance control, monitoring and automated evidence collection
• Experience with Infrastructure-as-Code (Terraform) or configuration management
• AI/ML security knowledge or experience securing AI systems.
• Security certifications like GCIH, GCIA, OSCP, CISSP, or AWS Security Specialty.

Founded in 2020 in Munich, we are a rapidly expanding scale-up in the B2B SaaS area. We’ve already assembled a super innovative, smart, and fun team of 320+ highly motivated employees around our offices in Munich, Barcelona, Madrid, Cluj, and New York.

At Aily Labs, we have the bold mission to democratize AI. Our groundbreaking product is
an AI-powered mobile app that uses cutting-edge GenAI and traditional ML to unlock valuable business insights and give personalized recommendations. Our aim? Disrupting the way corporate entities operate, paving the way for the world’s first AI decision intelligence platform that enables faster, simpler, and smarter decision-making across the entire value chain, aiming towards full Agentic automation of key business goals

• Be part of building a greenfield Security Operations capability from the ground up at an
AI-first company.
• Work in an AI-first company where using AI to solve problems is expected and encouraged, not discouraged.
• Enjoy the flexibility of remote work, continuous growth, and dedicated training resources to support your professional development