Based in Europe, the Eclipse Foundation is one of the world’s largest open source software foundations, with a proven track record of enabling community-led and industry-ready open source innovations used by millions of developers globally, earned over more than two decades.
The foundation is home to more than 400 high-impact projects and collaborations, including Open VSX, Adoptium, Jakarta EE, Eclipse IDE, and OpenHW Foundation. Supported by over 300 members globally, the Eclipse Foundation has an established international reach and reputation.
The Role
The Eclipse Foundation is seeking a skilled and proactive Intermediate SecOps Engineer to join our Infrastructure team. This role focuses on threat detection, incident response, security monitoring, and operational resilience across the Foundation’s infrastructure and services.
You will help improve our ability to detect, investigate, contain, and recover from security incidents. Working closely with infrastructure, release engineering, and development teams, you will maintain security visibility across systems, contribute to response playbooks, improve alert quality, and support a culture of operational security.
Salary Range: 50k€ - 75k€
Location: This is a remote position. The selected candidate will work from their home office. All qualified candidates will be considered, with preference for candidates based in Canada and the European Union.
Core Responsibilities
As a SecOps Engineer, your day-to-day activities will include:
- Threat Detection and Security Monitoring: Develop, maintain, and improve detection rules, alerts, dashboards, and monitoring workflows across infrastructure, cloud services, identity systems, endpoints, and application platforms.
- Incident Response Coordination: Participate in incident response activities, including triage, investigation, containment, remediation coordination, and post-incident analysis. Help ensure incidents are handled consistently and that lessons learned lead to concrete improvements.
- SIEM and Security Tooling Operations: Operate and improve security monitoring tooling, including SIEM, log aggregation, alerting, vulnerability management, and related detection and response platforms. Work to reduce false positives while improving visibility into meaningful risks.
- Threat Hunting and Investigation: Proactively investigate suspicious activity, anomalous behavior, and emerging threats affecting infrastructure and services. Translate findings into improved detections, response procedures, and hardening recommendations.
- Security Operations Process Improvement: Create and maintain incident response playbooks, escalation procedures, actionable security guidance, and operational documentation for cloud operations, product development, and systems engineering teams. Help define practical security workflows that can be followed during both routine operations and active incidents.
- Infrastructure Security Hardening: Collaborate with the systems engineering team to identify and remediate security weaknesses in cloud, container, Linux, network, identity, and service configurations.
- On-Call work: Some events may require time outside of regular hours to respond appropriately.
- Disaster Recovery Execution: Actively participate in comprehensive disaster recovery planning, business continuity strategy formulation, and live simulations/exercises to validate system resilience and team readiness.
Technical Qualifications
- 3–5+ years of professional experience in an active security operations, infrastructure security, incident response, or a related operational security role.
- Hands-on experience with security monitoring, alert triage, incident investigation, and response workflows.
- Experience with SIEM, log aggregation, alerting, or detection engineering tools.
- Strong understanding of Linux systems, networking fundamentals, identity and access management, and common infrastructure attack techniques.
- Familiarity with containerized environments (Docker, Kubernetes, OKD/OpenShift), and public cloud ecosystems (AWS, Azure, or GCP).
- Experience writing or maintaining operational runbooks, response procedures, detection rules, or incident documentation.
- Working knowledge of common security frameworks and attacker techniques, such as MITRE ATT&CK, CIS Controls, or similar.
- Relevant certifications are highly desirable (e.g., CompTIA Security+, CEH, CSSLP, CCSP, or cloud security certifications).
Professional Skills
- Strong analytical and troubleshooting skills, especially under time-sensitive operational conditions.
- Clear communication skills with the ability to articulate complex security incidents, risks, and remediation steps to both technical and non-technical stakeholders.
- Strong diplomatic skills capable of facilitating alignment between developers and strict security compliance goals.
We offer competitive compensation along with a comprehensive benefits package. We thank all applicants for their interest; however, only those selected for an interview will be contacted. For more information about the Eclipse Foundation, please visit our website at eclipse.org.
The Eclipse Foundation respects the dignity and independence of people with disabilities and is committed to providing accommodation and support throughout any recruitment process. If you require any special accommodation or support, please let us know when applying.