Rodeo
ResourcesPartnersSign in

hackajob

Purple Operations Engineer

United Kingdom
Posted about 21 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

hackajob is collaborating with Sporty Group to connect them with exceptional professionals for this role.

Mission

Strengthen Sporty’s detection and response capability by tuning EDR, SIEM, and security monitoring platforms so they produce high-quality alerts, reduce noise, and give security teams clear signals on real threats.

The Purple Operations Engineer owns the quality, coverage, and reliability of security detections across endpoint, identity, cloud, network, and application telemetry. This role works closely with Threat Intelligence, Red Team, Purple Team, SOC, Detection Engineering, and Incident Response to convert threats, incidents, and attack simulations into tuned alerts, correlation rules, dashboards, playbooks, and control checks.

What You'll Be Doing

  • Tune EDR, SIEM, and XDR detections to reduce false positives and improve alert quality.
  • Build and maintain detection rules, correlation searches, dashboards, watchlists, and response workflows.
  • Translate Red Team, Purple Team, incident, and Threat Intelligence findings into repeatable defensive checks.
  • Validate that EDR policies, prevention rules, logging, sensor health, and response actions work as expected.
  • Review noisy alerts and tune thresholds, exclusions, lookups, entity context, and suppression logic.
  • Support SOC analysts with clear alert descriptions, triage steps, severity logic, and escalation guidance.
  • Improve log coverage, parsing, field normalization, enrichment, and data quality.
  • Map detections to MITRE ATT&CK where useful. ATT&CK is widely used to describe adversary tactics and techniques based on real-world observations.
  • Write portable detection content using formats such as Sigma, which is designed as a generic signature format for SIEM detections.
  • Track detection gaps, false positive trends, alert health, and platform performance.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

What You'll Bring

  • Experience tuning EDR, SIEM, XDR, or SOC monitoring platforms.
  • Strong understanding of endpoint, identity, cloud, network, and web attack behaviors.
  • Practical experience writing detection logic in KQL, SPL, EQL, Lucene, Sigma, YARA, or similar.
  • Familiarity with MITRE ATT&CK mapping and detection coverage analysis.
  • Ability to turn Red Team, Purple Team, and incident findings into clear detection logic.
  • Experience reducing false positives through rule tuning, exceptions, automation, and better entity context. Microsoft Sentinel supports this through automation rules and analytics rule changes.
  • Strong scripting ability in Python, PowerShell, Bash, or similar.
  • Good understanding of SOC workflows, incident triage, escalation, and response playbooks.
  • Strong documentation skills.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Technology Expertise

Any of the following: Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, Microsoft Sentinel, Splunk Enterprise Security, Elastic Security, Google SecOps, Sigma, YARA, KQL, SPL, EQL, Lucene, Python, PowerShell, Bash, MITRE ATT&CK, Atomic Red Team, Caldera, Vectr, TheHive, Jira, Confluence, GitHub, GitLab, osquery, Sysmon, Zeek, Suricata, AWS CloudTrail, GuardDuty, Azure, Entra ID, Google Workspace, Okta, Cloudflare, Kubernetes logs.

What’s In It For You

  • Sporty is a remote first company in pursuit of sustainability.
  • A competitive salary + individual performance based bonuses every quarter.
  • 28 days paid annual leave.
  • Our core working hours are 10am-3pm in your local time zone with flexibility outside of this.
  • Referral bonuses & flash bonuses.
  • Top of the line equipment.
  • Annual company retreats to provide great internal networking opportunities.

Interview Process

  • Remote video screening with our Talent Acquisition Team.
  • Online assessment via Hackerrank.
  • Remote video interview with Team Members (60 Mins).
  • Final discussion with the hiring manager (60 mins).

If you're interested, we encourage you to apply! Every application is reviewed by a member of our team (AI is not used in our recruitment process), and we aim to respond within 48 hours.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

EDR
SIEM
XDR
Security Monitoring
Detection Logic
MITRE ATT&CK
Python
PowerShell
Bash
KQL
SPL
EQL
Lucene
Sigma
YARA
Incident Response

Location

United Kingdom

Sign up to applySee more jobs like this