At Nortal we believe in thinking big – creating solutions that have a meaningful, far-reaching impact, whether through digitizing governments, improved healthcare, convenient telecom services or creating a competitive edge and agility for large businesses, industry, and manufacturing companies. Our projects have touched more than half a billion people’s lives worldwide, and we’re just getting started.

Ready to make an impact? Join us as a Senior Cyber Security Engineer, bringing deep technical experience in Microsoft and cloud security ecosystems. This role bridges internal information security unit and its managed SOC (SOCaaS) partner, ensuring operational alignment, technical transparency, and continuous improvement of the company’s detection and response capabilities. The position is ideal for someone who thrives at the intersection of engineering, process management, and service oversight - someone who can speak both the language of analysts and the language of architecture.

What you will do

• Act as technical liaison between Nortal and the external SOCaaS provider, ensuring service quality, timely response, and adherence to security SLAs.
• Lead onboarding and coordination of detection rules, use cases, and alert workflows between internal teams and the SOCaaS partner.
• Configure and maintain Microsoft security tools - including Defender XDR, Azure Sentinel (SIEM), Entra ID Protection, and Defender for Endpoint - to ensure visibility and integration with managed SOC services.
• Review and approve SOCaaS detections, escalation workflows, and playbooks, ensuring they reflect companies specific threat model and compliance context (ISO 27001, GDPR).
• Support incident response coordination: validate escalations, guide containment actions, and contribute to post-incident reviews.
• Develop and maintain the SOC role and access model, aligned with least privilege principles and internal access governance.
• Identify and lead process improvement and automation initiatives to enhance SOCaaS efficiency and reduce manual effort.
• Contribute to vulnerability management and threat exposure reduction by working with IT, cloud, and development teams.
• Produce regular operational metrics and performance reports for management and audits.

What you will do

• Master’s Degree in Cyber Security, Computer Science, or related field.
• 5+ years of hands-on experience in cyber defense, SOC operations, or cloud security engineering.
• Proven experience with Microsoft Defender, Azure Sentinel, and Entra ID ecosystem.
• Experience coordinating with external Managed Security Service Providers (MSSP/SOCaaS).
• Familiarity with vulnerability and risk management frameworks (Bitsight, NIST CSF, ISO 27001).
• Understanding of identity security, incident response, and automation (e.g., Logic Apps, PowerShell).
• Proactive mindset with focus on long-term resilience beyond individual incidents.

Why Nortal?

• We hire people not only for their skills but also for cultural add. We live by our values: commit to delivering value and results, take ownership, empower yourself and others, and own your future and growth. Besides our professionalism, we like to spice things up with good humor.
• We care about your growth & development. At Nortal, we support constant improvement and knowledge sharing. In addition to the external and internal training, we have a well-established mentorship program and strong 1:1 culture.
• We prioritize your health & well-being by providing a flexible package for health insurance and sports initiatives.
• We support your work-life balance and provide flexible working hours.
• It's your choice whether you want to work from the office or remotely within Estonia.
• We have also launched the Nortal Nomad program for people wanting to move short-term to some other country.