At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.
We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board.
We’re building the #1 payment orchestrator in the world — and the names behind us prove it. Clients include Bolt, Ajax, Nova Post, MEGOGO. Trusted by giants like J.P. Morgan. Ranked #2 in the “Employer of the Year 2026” award by Forbes Ukraine.
Solidgate processes millions of payments across 120+ services, including its own acquiring module, and operates in a regulated environment with real cardholder data and SWIFT connectivity. You'll define what detection looks like at Solidgate: what gets monitored, what gets detected, and how the team responds when something goes wrong.
What You Will OwnBuild and operationalize the SIEM from PoC to production - including case management and UEBA, with full ownership of the technology selection
Design, write, and tune detection rules mapped to MITRE ATT&CK, covering identity compromise, privilege escalation, lateral movement, and endpoint threats
Triage and investigate L2/L3 alerts, reduce false positives, and establish clear escalation paths for each use case
Lead incident response and basic forensics - containment, eradication, and structured lessons learned
Onboard log sources across AWS, JumpCloud, Google Workspace, CDE, and SWIFT;
Run threat hunts based on realistic attack hypotheses specific to a payment platform's risk profile
Build and maintain runbooks and playbooks; automate repetitive actions via SOAR or scripting
Define SOC metrics and own monthly reporting to management on detection coverage and response performance
3+ years in SOC / Detection & Response at L2/L3 level, with hands-on investigation experience
Practical experience building or operating a SIEM, including writing and tuning detection rules
Detection engineering with MITRE ATT&CK mapping; confident with KQL, SPL, or equivalent query languages
Experience investigating cloud log sources: AWS CloudTrail, GuardDuty, Google Workspace, EDR/XDR
Scripting and automation skills (Python or similar) for telemetry processing and routine tasks
Solid understanding of attacker techniques and how they manifest in logs - not just tool knowledge, but threat understanding
Structured under pressure: disciplined investigation process, clear documentation, clean post-mortems
SOAR experience and a detection-as-code approach (version control for rules, CI pipelines for detection)
UEBA, threat intelligence enrichment, or alert contextualization at scale
Familiarity with payment-specific environments - CDE monitoring, SWIFT, PCI DSS context
Purple teaming experience working alongside an offensive security team
You'll own the Security Operations direction at Solidgate - this isn't a slot in someone else's SOC, it's yours to build
Real data, real threats - a fintech processing millions of transactions is a genuinely complex detection environment, not a sandbox
You'll choose the stack: SIEM, SOAR, detection framework - your decisions will shape how Solidgate detects threats for years
Direct path to leading the SOC function and growing the team as the company scales
Hands-on experience at the intersection of cloud-native infrastructure, IR, and detection engineering in a regulated environment - a combination rare outside large enterprises
Impactful work: you're monitoring and defending financial infrastructure that processes millions of real payments. What you detect and respond to directly affects the company's risk profile and the businesses relying on the platform.
Creative freedom: the SOC is greenfield. No inherited SIEM, no legacy detection rules, no alert fatigue from someone else's misconfigured use cases. You build the detection stack from scratch and own every decision in it.
Career growth: a realistic path to leading the Security Operations function within 6-12 months, with direct collaboration with a CISO who came up through the technical side. Want to go deeper into cloud detection, threat intelligence, or automation? That door is open.
Ownership culture: you own the detection lifecycle end to end - log onboarding, use case design, triage, response, and reporting. No hand-offs, no findings that disappear into a backlog.
People worth working with: a senior InfoSec team that takes security seriously and treats detection gaps as engineering problems worth solving. Smart, experienced teammates who raise the bar and actually have each other's backs.
💌 The Extras: 30+ days off, unlimited sick leave, free office meals, health coverage, and Apple gear to keep you productive. Courses, conferences, sports and wellness benefits — all designed for ideas, focus, and fun.
Security at scale is rare to build from scratch. This is that chance
🫂 Know top talent? We’re always on the lookout. Recommend someone for our role, and if they get hired, there’s a bonus waiting for you — simple as that.
