Senior SOC Engineer

About the Opportunity

We are seeking a

Senior / Lead SOC Platform Engineer

to

own and evolve the cloud-based logging and automation platforms that power our Security Operations Center.

Our

SOC Engineering team

does

design scalable AWS logging pipelines and manage ingestion into Google SecOps

, and

believes in proactive security, automation, and continuous improvement to stay ahead of evolving threats.

In this role, you will lead key initiatives that strengthen visibility, automation, and detection capabilities across the organization

This is a Hybrid role based in Berlin or Barcelona.

Who we are

N26 has reimagined banking for today’s digital world. Technology and design empower everything we do and it’s how we are building the global banking platform the world loves to use.

We've eliminated physical branches, paperwork, and hidden fees for an elegant digital experience and supreme savings. Giving people the power to live and bank their way is what gets us out of bed in the morning and inspires the work that we do.

We are headquartered in Berlin with offices in multiple cities across Europe, including Vienna and Barcelona, and a 1,500-strong team of more than 80 nationalities.

• Lead SOC engineering initiatives including SOC automation, SIEM–IT Service Management (ITSM) integration, and threat framework mapping and adoption (e.g., MITRE ATT&CK).
• Own data ingestion workflows for the Security Information and Event Management (SIEM) system and ensure high-quality, reliable telemetry.
• Support and integrate deceptive security technologies and participate in purple team exercises to enhance visibility and detection coverage.
• Collaborate with detection engineering, incident response, cloud teams, and security leadership to improve platform reliability and SOC effectiveness.

• What You Need to Be Successful
• Background:
• 5+ years of experience in SOC engineering, security engineering, cloud engineering, or platform engineering.
• Proven experience designing and operating large-scale logging pipelines in cloud environments.
• Strong understanding of SOC operations, detection workflows, and modern telemetry requirements.
• Skills:
• Deep hands-on experience with AWS (S3, IAM, Lambda, Kinesis, CloudWatch, Step Functions, Glue, Athena, Glacier).
• Expertise with SIEM ingestion pipelines, ideally Google SecOps (Chronicle) with S3 ingestion.
• Strong understanding of log structures (JSON, CloudTrail, VPC Flow Logs, Syslog) and schema normalization.
• Proficiency with Infrastructure as Code (Terraform preferred).
• Strong scripting/programming skills (Python, Bash).
• Experience automating data validation, log onboarding, and pipeline health checks.
• Familiarity with MITRE ATT&CK mapping workflows using Navigator.
• Exposure to deceptive security technologies and telemetry pipelines.
• Experience supporting purple team exercises from a telemetry and engineering perspective.
• Nice to Haves
• Google SecOps(Chronicle) engineering experience.
• Experience implementing automation for next-generation or Agentic SOC capabilities.
• Experience with deception frameworks (e.g., Canary, Thinkst, IllusionBLACK).