Information Security Engineer

Operative

IT
São Paulo, State of São Paulo, Brazil
Posted on Feb 15, 2026

Only apply if:

  • You are fluent in English (only English resumes will be reviewed)
  • You can commute once a week to our SP Office.

OPERATIVE OVERVIEW

300+ media companies as clients, $40+ billion in revenue processed, 25,000+ worldwide users

Operative is a revenue accelerant for media companies around the world. No other software company in the AdTech space brings a comparable depth of experience to create truly innovative software that performs across all platforms, revenue models and business units. We are a SaaS (Software as a Service) platform that helps clients manage advertisements in both the linear (TV) and digital space. We have been in the market for over two decades and have 1100+ employees with 12 offices spread across the globe. Operative is proud to play a pivotal role in the way advertising is bought, sold and managed across the media industry.

Role Summary:

We are looking for an Information Security Engineer who will serve as the first line of defense in our security operations team.

This role involves monitoring and responding to security alerts and incidents generated by Managed Detection and Response (MDR) and Extended Detection and Response (XDR) platforms to safeguard organizations' information and assets. The role also involves creating comprehensive incident reports and contributing to the development and maintenance of incident response playbooks.

The ideal candidate is experienced with CrowdStrike Falcon (minimum 2 years) and is comfortable owning integrations, controls, and security policies end-to-end.

Responsibilities:

CrowdStrike Ownership

Own CrowdStrike Falcon operations end-to-end, including:

  • Policy design, continuous fine-tuning, and enforcement
  • Sensor deployment, health monitoring, and coverage validation
  • Integrations with SIEM, SOAR, ticketing, and other security platforms

Design and implement automations within CrowdStrike, including:

  • Automated containment and response actions
  • Workflow automation for alert handling and escalation
  • Reduction of alert noise through intelligent tuning and suppression

Continuously optimize detections, prevention controls, and response logic to improve signal-to-noise ratio and reduce mean time to respond (MTTR).

Threat Intelligence & IOC Management

Own Threat Intelligence operations, including:

  • Tracking emerging threats and active threat actor campaigns
  • Maintaining and updating Indicators of Compromise (IOCs) (hashes, IPs, domains, TTPs)
  • Translating threat intelligence into CrowdStrike detections, policies, and automated responses

Proactively update detection and response logic based on changes in the threat landscape.

Security Operations & Incident Response

  • Monitor, analyze, and respond to security alerts and incidents generated by MDR and XDR platforms.
  • Lead containment, eradication, and recovery efforts during security incidents.
  • Perform root cause analysis and drive corrective actions to prevent recurrence.
  • Produce clear, executive-ready incident reports and contribute to incident response playbooks.

Alert Triage & Analysis

  • Assess severity and legitimacy of alerts, distinguishing false positives from real threats.
  • Analyze alerts using contextual data, system logs, and threat intelligence to determine impact and scope.
  • Identify anomalous behavior indicative of compromise or policy violations.

Vulnerability Management & Remediation Enforcement

  • Open, track, and maintain vulnerability remediation tickets with Engineering and Cloud teams
  • Clearly document risk, severity, and remediation expectations for each finding
  • Actively enforce remediation timelines, following up with responsible teams until closure
  • Validate remediation effectiveness and ensure vulnerabilities are formally closed
  • Escalate overdue or high-risk findings when remediation is delayed or blocked

Collaboration, Automation & Improvement

  • Work closely with internal engineering, IT, and cloud teams during incidents.
  • Coordinate with external security vendors when required.
  • Participate in post-incident reviews and continuously improve detection, automation, and response maturity.
  • Contribute to security awareness and education initiatives, particularly for non-security audiences

Must-Have Skills:

  • Minimum 2 years of hands-on experience owning CrowdStrike Falcon, including fine-tuning, automation, and response workflows.
  • Knowledge of TCP/IP, VPNs, firewalls, and intrusion detection/prevention systems.
  • Demonstrated experience building automated response actions inside CrowdStrike.
  • Experience working with MDR / XDR platforms in production environments.
  • Strong understanding of networking fundamentals and AWS services.
  • Understanding of common attack vectors (phishing, malware, ransomware) and how to mitigate them.
  • Proven ability in log analysis and IOC-driven investigations.
  • Experience operationalizing Threat Intelligence into detections and automated controls.
  • Excellent written and verbal communication skills.
  • Strong documentation skills for playbooks, investigations, and procedures.
  • Solid understanding of security frameworks and best practices.
  • Knowledge of cybersecurity frameworks (e.g., MITRE ATT&CK, VERIS, Cyber Kill Chain, Diamond Model).
  • Working Conditions: This role may require participation in an on-call rotation and the ability to respond to security incidents during non-standard hours.

Why join us?

  • Operative is a technology-oriented product organization that believes in empowering its people
  • We use the latest tech stack and empower our engineers to learn, work and ideate on new technologies available in the market
  • We provide flexible work schedules and remote working to encourage work-life balance
  • We are an equal opportunity employer and recruit based on experience and skill set
  • We offer a competitive salary and benefits package

“Operative is a merit-first, equal opportunity employer; diverse applications are encouraged.”

Operative cares about your privacy and protecting your data. By submitting an application for a position with Operative, you acknowledge that you have read the following and consent to how Operative treats your data: the Candidate Privacy Policy and the Candidate Notice for Data Transfer and Retention.