Detection & Response Platform Lead
Ready to transform endpoint security from reactive operations to proactive engineering?
team.blue is an ecosystem of 60+ successful brands working together across 22 European countries to provide its 3.5 million SMB customers with everything they need to succeed online by offering best-in-class expertise and services.
team.blue's brands are a mix of traditional hosting businesses that offer services from domain names, email, shared hosting, e-commerce, and server hosting solutions and, as specialist SaaS providers, adjacent products such as compliance, marketing tools, and team collaboration products. This broad product offering makes it a one-stop partner for online businesses and entrepreneurs across Europe.
The role
We are looking for a Detection & Response Platform Lead to drive our endpoint security strategy and evolve our detection capabilities at scale. This is an opportunity to shape the future of team.blue’s Security Operations.
You will own our detection and response platforms as the foundation of that work, while building scalable detection solutions, automating workflows, and collaborating across DevOps, Operations, and SaaS portfolio companies to reduce threats upstream.
Your objectives are:
Strategically manage our endpoint detection platforms – Own detection & response platform configurations, optimizations, and vendor relationships to maximize detection efficacy across team.blue infrastructure
Engineer scalable detection solutions – Automate alert triage and enrichment, and continuously improve detection coverage
Drive cross-functional influence – Partner with DevOps, vulnerability management, and SaaS companies to reduce alert volume by strengthening preventive controls and threat modeling upstream
The position can be based anywhere within the EU as fully remote or hybrid working from one of our many offices.
Your Responsibilities
Platform Ownership & Strategy
Own the strategic direction, configuration, and optimization of detection & response platforms across team.blue infrastructure
Maintain and continuously improve the platform services, reviewing incidents and collaborating with the vendor to enhance service quality
Monitor alert trends and tune detection policies to raise the true-positive rate while reducing alert fatigue
Detection Engineering & Automation
Conduct threat hunting to identify gaps in detection coverage and validate detection efficacy
Build custom detection rules based on threat intelligence, hunting findings, and incident learnings
Cross-Functional Collaboration & Influence
Partner with Operations and Infrastructure teams to ensure consistent endpoint protection standards
Work with vulnerability management to prioritize patching based on active threats and detection findings
Provide threat context to upstream teams to improve preventive controls and reduce alert volume
Continuous Improvement & Knowledge Sharing
Implement blameless postmortems after incidents to drive continuous improvement
Share detection content and learnings within team.blue
Document detection logic, playbooks, runbooks, and configuration standards
Stay current on endpoint threat landscape, attack techniques, and detection methodologies
Your Skillset
Required Experience & Skills
5+ years in technical security roles – security operations, detection engineering, incident response, or system administration with security focus
Endpoint security expertise – Good understanding of operating systems such as Windows (Server), Linux, and macOS
Detection engineering capabilities – Experience developing detection rules, alerts, and response workflows
Hands-on EDR/XDR experience – Practical experience with EDR platforms (SentinelOne experience valued)
Threat analysis skills – Ability to analyze attack patterns, understand attacker TTPs, and translate to detections
Collaborative approach – Experience working across organizational boundaries with IT, DevOps, and business teams
Good English – Both verbal and written communication skills
Nice to Have
Automation mindset – Scripting skills (PowerShell, Python) and enthusiasm for automating repetitive tasks
Security certifications
SOC/MDR service experience – Working with external SOC or MDR providers
MITRE ATT&CK knowledge – Practical experience mapping detections to the MITRE ATT&CK framework
Cloud security knowledge – Understanding of cloud environments (Azure, AWS, GCP) and their security models
Multi-tenant experience – Working in SaaS or MSP environments supporting multiple organizations
Working Environment
You will join team.blue's Security Management team of 14 security professionals, reporting directly to the Group CISO. You will work closely with our Operations department and collaborate with security teams across our portfolio of SaaS companies.
This role follows a modern, distributed security operations model:
Remote-first flexibility – Work fully remote within the EU, hybrid, or from one of our offices
Minimal travel – Occasional team events or company gatherings
Work-life balance – Healthy boundaries to prevent burnout and maintain sustainable performance
Reasons to Apply
Engineering impact at scale – Build detection solutions that protect a diverse portfolio of companies, not just respond to alerts
Shape the future SOC – Help transform team.blue's security operations
"Come as you are"
Everyone is welcome here. Diversity & Inclusion are at our core. Far above any technical competence, we value respect, openness, and trusted collaboration. We do not tolerate intolerance.
Right to work
At any stage, please be prepared to provide proof of eligibility to work in the European country you are applying in. Unfortunately, we are unable to offer visa sponsorship.
ESG
“At team.blue, our commitment to caring for the environment and each other is at the heart of everything we do. Our latest impact report showcases our ongoing ESG efforts and ambitious sustainability goals. Interested in learning more about our dedication to making a positive impact? Check it out here.”
- Department: Technology
- Locations: Gent - Belgium, Cologne - Germany, Lisboa - Portugal, Barcelona - Spain, Florence - Italy, Groningen - Netherlands
- Remote status: Fully Remote
- Employment type: Full-time
- Seniority: Mid - Senior level
- LinkedIn Company Page: team.blue
About team.blue Global
The most trusted digital enabler
team.blue is a leading digital enabler for companies and entrepreneurs. It serves over 3.3 million customers in Europe and has more than 3,000 experts to support them. Its goal is to shape technology and to empower businesses with innovative digital services.