Job Description

Security Operations Lead

Department: Engineering

Employment Type: Full Time

Location: Croatia

Reporting To: Chad Howell

Newfire Global Partners is a leading technology firm that specializes in building transformative software solutions for some of the world’s most innovative companies. With a presence across four continents, Newfire Global brings deep expertise in digital healthcare, AI-driven analytics, and enterprise technology. The firm’s track record of delivering scalable, high-impact solutions has made it a trusted partner for organizations seeking to drive meaningful change through technology.

We are passionate about the purpose-driven mission to help improve the quality of care for patients and are building a collaborative, innovative, and inclusive culture. We are a fully funded company founded by serial entrepreneurs with a stable client base.
Opportunity for impact


Newfire Global Partners, a leader in developing disruptive healthcare technology, collaborates with Fortune 500 companies and start-ups to drive transformation.
Newfire is seeking a Lead Security Operations Engineer

The Lead Security Operations Engineer is a senior-level individual contributor role within our Information Security department. Acting as the ultimate technical authority for our operational security defenses, you will be hands-on in architecting, implementing, and optimizing our core security systems. This role goes beyond daily monitoring; you will own the technical direction of our Data Loss Prevention (DLP), SIEM engineering, proactive threat hunting, and incident response programs.

Your day-to-day activities:

• Security Program Ownership: Design, implement, and continuously mature critical security programs, acting as the primary technical owner for Data Loss Prevention (DLP) to safeguard sensitive company data across the environment.
• SIEM Engineering & Automation: Engineer and optimize our Security Information and Event Management (SIEM) platform. Oversee log ingestion strategies, write complex custom detection rules, and leverage scripting (e.g., Python, PowerShell) to automate alert triage and response workflows.
• Vulnerability Hunting & Management: Lead proactive vulnerability hunting and assessment initiatives. Continuously evaluate infrastructure weaknesses and partner closely with IT and infrastructure teams to drive and track remediation of identified risks.
• Incident Response (IR): Act as the primary technical responder and incident commander during security events. Perform deep-dive forensic analysis, coordinate technical investigations, and guide cross-departmental teams through containment, eradication, and post-incident reviews.
• Tool Lifecycle Management: Evaluate, deploy, and maintain the operational security tech stack. Ensure tools integrate seamlessly with the existing environment, continuously tuning them to reduce false positives and maximize return on investment.
• Cross-Functional Influence: Serve as a subject matter expert and technical mentor within the broader technology organization, fostering a culture of security awareness and collaborative risk mitigation.

Please note that employment will be contingent upon providing documentation verifying your legal work authorization in the country of residence, in accordance with applicable law.

You’re a perfect match if you have:

• Experience: 5+ years of dedicated experience in Cybersecurity, with at least 3 years focusing heavily on Security Engineering, Incident Response, or advanced Security Operations.
• IC Leadership: Proven track record operating successfully as a senior individual contributor, technical lead, or system architect.
• Technical Tooling: Deep, hands-on expertise in engineering and tuning enterprise SIEM solutions (e.g. Sentinel), and DLP platforms (e.g. Nightfall).
• Automation & Scripting: Proficiency in scripting languages (such as Python, PowerShell, or Bash) specifically for security automation, data parsing, and API integrations.
• Threat Intelligence: Strong practical understanding of network protocols, threat actor tactics, techniques, and procedures (TTPs), and the MITRE ATT&CK framework.
• Certifications (Preferred): Advanced, practitioner-focused industry certifications such as GCFA (GIAC Certified Forensic Analyst), GCIA (GIAC Certified Intrusion Analyst), OSCP (Offensive Security Certified Professional), or CISSP.