Security Operations Lead EMEA (F/M/D)

Flowdesk's mission is to build a global financial institution for digital assets, one designed from the ground up for market integrity and efficiency.

To achieve this in a rapidly evolving market, we apply a disciplined, first-principles approach to everything we do. This approach is embedded in our core services, from institutional liquidity provision, trading solutions, OTC execution to our comprehensive treasury management offerings. This is how we cut through the noise and build robust and scalable systems across all our business lines.

Therefore, we seek individuals who are driven by this systematic approach. Joining Flowdesk means you will be a key contributor in building and scaling a more transparent and efficient financial markets infrastructure.

As a SecOps Lead at Flowdesk, you will be the principal point of contact for our Managed Detection and Response partner , ensuring rapid, coordinated responses to security incidents and continually enhancing Flowdesk’s security posture.

Your mission will be to

• Serve as the primary interface for our MDR partner, manage the relationship, hold regular service reviews, and verify all SLAs are met.
• Act as incident commander during security events, coordinating with IT, engineering, and business teams to ensure swift containment and recovery.
• Review and tune security alerts with the MDR provider, refining detection rules to minimize false positives and improve threat identification accuracy.
• Develop, track, and report on key MDR performance indicators (KPIs) to leadership, highlighting trends and the effectiveness of security operations.
• Maintain and evolve our security incident response plan (IRP) and playbooks with the MDR provider; identify and close gaps in tools, processes, and policies.
• Communicate technical security issues effectively to all stakeholders, translating risks into business terms and offering actionable guidance on best practices.
• Contribute to a wide range of cybersecurity initiatives beyond traditional SecOps, assisting with projects in vulnerability management, cloud security, data protection, and governance, risk & compliance to strengthen our overall security posture.

Requirements

• Deep understanding of the incident response lifecycle (preparation, identification, containment, eradication, recovery, lessons learned). Proven experience managing and responding to complex security incidents.
• Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar). Ability to query data, analyze logs, and understand how data sources feed into threat detection.
• Strong knowledge of EDR tools (e.g., CrowdStrike, SentinelOne, Carbon Black) and their role in detecting and responding to threats on endpoints.
• Solid understanding of network protocols, firewalls, intrusion detection/prevention systems (IDS/IPS), and network traffic analysis.
• Familiarity with security principles and services in major cloud environments (AWS, Azure, GCP).
• Ability to consume and apply threat intelligence to proactively improve security controls and detection mechanisms.
• Experience with MacOS desired. Experience with web3 environments desired.
• Must be able to articulate complex technical concepts to both technical and non-technical audiences.
• Proven ability to manage third-party vendor relationships, hold partners accountable, and drive value from the service.
• A strong analytical mindset with the ability to critically evaluate security alerts and investigation findings to determine the root cause and appropriate response.
• Organized and able to manage multiple tasks, prioritize effectively, and drive projects to completion

Benefits

• International environment (English is the main language)
• 100% health coverage
• Team events and offsites

Recruitment process

Are you interested in this job but feel you haven't ticked all the boxes? Don't hesitate to apply and tell us in the cover letter section why we should meet

Here's what you can expect if you apply

1. HR Call with our Tech Talent Acquisition (30’)
2. Technical interview with Our Cybersecurity Director (60’)
3. Technical Meeting with our Senior SR & Cybersecurity Engineer (30’) and our Staff Site Reliability Engineer (30’)
4. Wrap up interview with our TA Team (45’)
5. C-Level interview (30’)
   
   

On the agenda, discussions rather than trick questions! These moments of exchange will allow you to understand how Flowdesk works and its values. But they are also (and above all) an opportunity for you to present your career path and your expectations for your next job.

We are committed to an inclusive and accessible recruitment process. If you require any reasonable adjustments or have specific needs to enable you to participate fully in the interview or assessment process (e.g., a sign language interpreter, extra time for a test, or an accessible location), please contact us to discuss how we can support you.