We are looking for an Operational Cybersecurity Specialist to help strengthen our security operations capabilities and support the continued development of our modern MDR setup.
This is a hands-on role for someone who enjoys workingclosetoreal security events, threat detection, and incident response. You will be part of a team that playsa central rolein protecting VELUX, while also helping us improve how wemonitor, investigate, and respond to threats across theorganisation
We are building a modern security operations environment based on the Microsoft security stack, with a strong focus on threat hunting, detection engineering, automation, and continuous improvement. You will work closely with colleagues across cybersecurity, infrastructure, cloud, and application teams.
The role can be basedineither Kolding or Hørsholm. Some travel should be expected.
What you will be doing
As an Operational Cybersecurity Specialist, you will help us detect and respond to threats across the enterprise environment. Your work will include both day-to-day operational security tasks and contributions to improving our long-term security operations capabilities.
Yourresponsibilitieswillinclude
Own the end-to-end collaboration with our third-party European SOC, and act as SME
Conducting proactive threat hunting toidentifysuspicious or malicious activity that may not be detected through standard controls
Supporting incident response activities, including triage, investigation, containment, recovery, and lessons learned
Developing, tuning, andmaintainingdetections and analytics to improve visibility and reduce false positives
Working with KQL to investigate incidents, support threat hunting, and improve detection logic
Contributing to the development and maturity of our MDR setup based on Microsoft technologies such as Sentinel and Defender
Supporting automation and auto-remediation initiatives to improve response speed and reduce manual effort
Working with detections as code and infrastructure as code principles to help create scalable and repeatable security operations practices
Supporting offensive security activities carried out by third parties, such as penetration tests, red team exercises, and technical assessments
Helping translate findings from incidents and offensive engagements into practical improvements to detections, processes, and operational readiness
Collaborating with teams across cybersecurity, infrastructure, cloud, and applications to strengthen logging, telemetry, and response capabilities
What we are looking for
We are looking for someone who is curious, analytical, and comfortable working in a hands-on operational security role. You do not need to know everything from day one, but you should have a solid foundation in security operations and a genuine interest in developing further.
We expect that you bring:
Good understanding of threat detection, investigation, and threat hunting in enterprise environments
Experience working with SIEM and EDR/XDR technologies
Practical knowledge of the Microsoft security ecosystem, ideally including Microsoft Sentinel and Microsoft Defender
Experience using KQL for log analysis, investigation, or detection development
Familiarity with attacker techniques and frameworks such as MITRE ATT&CK
Interest in or experience with automation, detections as code, and infrastructure as code
Strong communicationand collaboration skills, and the ability to work effectively across technical teams
A structured and calm approach when handling incidents or working under pressure
It would be an advantage if you also have experience with one or more of the following:
Network, Windows, or Unixforensics
Identity security, including Entra ID, Conditional Access, or PIM
Vulnerabilitymanagement
Scripting or automation using PowerShell, Python, or similar
Certifications such as SC-200 or AZ-500
What kind of person will thrive in this role
This role will suit someone who enjoys combining operational security work with continuous improvement. You arelikely someonewho takes ownership, asks questions, and looks for ways to make detection and response more effective.
You work well with others, communicate clearly, and are motivated by making a visible difference to the security of theorganisation
Why join us
This is an opportunity to be part of building and maturinga modernsecurity operations capability in a large enterprise environment. Your work will have a direct impact on how we detect threats, respond to incidents, and strengthen our overall security posture.
If you are looking for a role where you can contribute both operationally and strategically to the development of security operations, this could be a strong next step.

For more than 80 years, the VELUX Group has created better living environments for people around the world; making the most of daylight and fresh air through the roof.
Our product programme includes roof windows and modular skylights, decorative blinds, sun screening products and roller shutters, as well as installation and smart home solutions. These products help to ensure a healthy and sustainable indoor climate, for work and learning, for play and pleasure.
We work globally – with sales and manufacturing operations in 35 countries and around 11,000 employees worldwide. The VELUX Group is owned by VKR Holding A/S, a limited company owned by the Villum Foundation and members of the Kann Rasmussen family. The VELUX Group’s financial results are incorporated into VKR Holding’s consolidated accounts. In 2024, the VELUX Group had a total revenue of EUR 2.96 billion, VKR Holding had a total revenue of EUR 3.87 billion, and the Villum Foundation and the VELUX FOUNDATION donated EUR 169 million in charitable grants.