SOCL2/L3Engineer

OUR MISSION AND VISION At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world. We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board. We’re building the #1 payment orchestrator in the world — and the names behind us prove it. Clients include Bolt, Ajax, Nova Post, MEGOGO. Trusted by giants like J.P. Morgan. Ranked #2 in the “Employer of the Year 2026” award by Forbes Ukraine. WHY THIS ROLE IS CRITICAL Solidgate processes millions of payments across 120+ services, including its own acquiring module, and operates in a regulated environment with real cardholder data and SWIFT connectivity. You'll define what detection looks like at Solidgate: what gets monitored, what gets detected, and how the team responds when something goes wrong. WHAT YOU WILL OWN - Build and operationalize the SIEM from PoC to production - including case management and UEBA, with full ownership of the technology selection - Design, write, and tune detection rules mapped to MITRE ATT&CK, covering identity compromise, privilege escalation, lateral movement, and endpoint threats - Triage and investigate L2/L3 alerts, reduce false positives, and establish clear escalation paths for each use case - Lead incident response and basic forensics - containment, eradication, and structured lessons learned - Onboard log sources across AWS, JumpCloud, Google Workspace, CDE, and SWIFT; - Run threat hunts based on realistic attack hypotheses specific to a payment platform's risk profile - Build and maintain runbooks and playbooks; automate repetitive actions via SOAR or scripting - Define SOC metrics an