Cybersecurity Engineer

We are seeking a hands-on and proactive
Security Engineer – Detection & Response
to lead technical investigations, enhance threat detection, and drive effective responses to cybersecurity incidents. You will serve as the primary point of contact with our external Security Operations Centre (SOC), supporting alert investigations and mitigation efforts.

Rompetrol
, part of
KMG International
, is the place where thousands of minds and over 200 specializations spread throughout 11 countries are connecting to each other to create the energy we all need to get further. We believe that through trial and perseverance, true ambition is inspired, and success achieved. With this reasoning, we intend to welcome you to our Rompetrol family and help you reach your full potential.

So, are you ready to fuel your career, in a diverse and fulfilling environment?

Your new role:
You will oversee the implementation and continuous optimization of our XDR (Extended Detection and Response) platform, ensuring it is properly configured, monitored, and tuned to detect modern threats across endpoints, networks, and cloud environments.

Activities going to help you shine:

• Actively investigate, analyze, and respond to security alerts, incidents, and potential threats from the external SOC.
• Validate, triage, and prioritize alerts to distinguish real threats from false positives.
• Lead and perform hands-on incident investigations, including log analysis, endpoint forensics, and correlation of network data.
• Install, configure, manage, and monitor the organization's XDR solution to ensure optimal visibility and coverage.
• Tune detection rules, integrations, and response playbooks within the XDR to adapt to the evolving threat landscape.
• Collaborate with IT, application owners, and other internal stakeholders during incidents to ensure rapid response and recovery.
• Conduct root cause analysis, document findings, and follow up on mitigation and remediation actions.
• Monitor and assess SOC service quality, detection effectiveness, and escalate gaps or performance issues with the MSSP.
• Organize and lead post-incident reviews, producing actionable insights and continuous improvement recommendations.
• Stay up to date with the threat landscape, TTPs (Tactics, Techniques, and Procedures), and emerging risks to enhance detection logic.
• Generate periodic incident metrics and reports for leadership, highlighting trends, gaps, and recommendations.

The fuel needed to go further with us:

• Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent practical experience).
• 3–5+ years in security operations, incident response, or SOC roles, with demonstrable hands-on experience.
• Strong understanding and practical experience with XDR platforms (e.g., Microsoft Defender, Palo Alto Cortex XDR, etc.).
• Proficiency with SIEM platforms, endpoint/EDR tools, network traffic analysis, and log correlation.
• Experience with detection frameworks such as MITRE ATT&CK, and threat modeling techniques.
• Excellent problem-solving and analytical skills, with a high level of attention to detail.
• Relevant certifications (e.g., GCIH, GCFA, GCIA, OSCP, CISSP) are preferred.

You will be supplied with:

• Meal tickets
• Vacation bonus
• The number of your vacation days increase according to your seniority so that you'll enjoy more free time.
• Access to private medical system (medical package) and special subscription rates for family members
• On site medical assistance
• Life and medical insurance
• Free days and financial support for personal events (marriage, childbirth, loss of a close relative)
• Study leave
• Christmas/1st of June celebration with a special gift for children
• Partners' discounts
• Access to training programs
• Supportive and professional teams and environment
• Bookster (borrow books for free, delivered in the office)
• Fuel discount in our gas stations with RompetrolGo+ card
• Short working schedule on Friday
• Flexible working program
• Hybrid schedule: 4 days at the office, 1 day remote

What you need to do now:

If you are interested in this role, go to "apply now" to send an updated copy of your resume.

Fuel your career and start a new journey with us

#GetFurtherWithUs