The Information Security Engineer will be the first line of defense in security operations, monitoring alerts and incidents to safeguard sensitive organizational information.
OPERATIVE OVERVIEW
300+ media companies as clients, $40+ billion in revenue processed, 25,000+ worldwide users
Operative is a revenue accelerant for media companies around the world. No other software company in the AdTech space brings a comparable depth of experience to creating truly innovative software that performs across all platforms, revenue models and business units. We are a SaaS (Software as a Service) platform which helps clients manage advertisements in both the linear (TV) and digital space. We have been in the market for over two decades and have 1100+ employees with 12 offices spread across the globe. Operative is proud to play a pivotal role in the way advertising is bought, sold and managed across the media industry.
Role Summary:
We are looking for an Information Security Engineer who will serve as the first line of defense in our security operations team.
This role involves monitoring and responding to security alerts and incidents generated by Managed Detection and Response (MDR) and Extended Detection and Response (XDR) platforms to safeguard the organization's information and assets. It also involves creating comprehensive incident reports and contributing to the development and maintenance of incident response playbooks.
The ideal candidate is experienced with CrowdStrike Falcon (minimum 2 years) and is comfortable owning integrations, controls, and security policies end-to-end.
Responsibilities:
CrowdStrike Ownership
Own CrowdStrike Falcon operations end-to-end, including:
- Policy design, continuous fine-tuning, and enforcement
- Sensor deployment, health monitoring, and coverage validation
- Integrations with SIEM, SOAR, ticketing, and other security platforms
Design and implement automations within CrowdStrike, including:
- Automated containment and response actions
- Workflow automation for alert handling and escalation
- Reduction of alert noise through intelligent tuning and suppression
- Continuously optimize detections, prevention controls, and response logic to improve signal-to-noise ratio and reduce mean time to respond (MTTR).
Threat Intelligence & IOC Management
Own Threat Intelligence operations, including:
- Tracking emerging threats and active threat actor campaigns
- Maintaining and updating Indicators of Compromise (IOCs) (hashes, IPs, domains, TTPs)
- Translating threat intelligence into CrowdStrike detections, policies, and automated responses
- Proactively update detection and response logic based on changes in the threat landscape.
Security Operations & Incident Response
- Monitor, analyze, and respond to security alerts and incidents generated by MDR and XDR platforms.
- Lead containment, eradication, and recovery efforts during security incidents.
- Perform root cause analysis and drive corrective actions to prevent recurrence.
- Produce clear, executive-ready incident reports and contribute to incident response playbooks.
Alert Triage & Analysis
- Assess severity and legitimacy of alerts, distinguishing false positives from real threats.
- Analyze alerts using contextual data, system logs, and threat intelligence to determine impact and scope.
- Identify anomalous behavior indicative of compromise or policy violations.
Vulnerability Management & Remediation Enforcement
- Open, track, and maintain vulnerability remediation tickets with Engineering and Cloud teams
- Clearly document risk, severity, and remediation expectations for each finding
- Actively enforce remediation timelines, following up with responsible teams until closure
- Validate remediation effectiveness and ensure vulnerabilities are formally closed
- Escalate overdue or high-risk findings when remediation is delayed or blocked
Collaboration, Automation & Improvement
- Work closely with internal engineering, IT, and cloud teams during incidents.
- Coordinate with external security vendors when required.
- Participate in post-incident reviews and continuously improve detection, automation, and response maturity.
- Contribute to security awareness and education initiatives, particularly for non-security audiences.
Must-Have Skills:
- Minimum 2 years of hands-on experience owning CrowdStrike Falcon, including fine-tuning, automation, and response workflows.
- Knowledge of TCP/IP, VPNs, firewalls, and intrusion detection/prevention systems.
- Demonstrated experience building automated response actions inside CrowdStrike.
- Experience working with MDR / XDR platforms in production environments.
- Strong understanding of networking fundamentals and AWS services.
- Understanding of common attack vectors (phishing, malware, ransomware) and how to mitigate them.
- Proven ability in log analysis and IOC-driven investigations.
- Experience operationalizing Threat Intelligence into detections and automated controls.
- Excellent written and verbal communication skills.
- Strong documentation skills for playbooks, investigations, and procedures.
- Solid understanding of security frameworks and best practices.
- Knowledge of cybersecurity frameworks (e.g., MITRE ATT&CK, VERIS, Cyber Kill Chain, Diamond Model, and other frameworks).
Working Conditions: This role may require participation in an on-call rotation and the ability to respond to security incidents during non-standard hours.
Why join us?
“Operative is a merit-first, equal opportunity employer; diverse applications are encouraged.”
Operative cares about your privacy and protecting your data. By submitting an application for a position with Operative, you acknowledge that you have read the following and consent to how Operative treats your data: the Candidate Privacy Policy and the Candidate Notice for Data Transfer and Retention.
Flexible Work Hours
We provide flexible work schedules and remote working to encourage work-life balance.
Remote-Friendly
Operative builds a powerful SaaS platform that streamlines advertisement management for media companies, effectively centralizing sales, ad operations, and finance. Serving over 300 clients worldwide and supporting more than 25,000 users, Operative stands out by optimizing revenue and operational efficiency in both linear and digital advertising spaces.