Operational Cybersecurity Specialist

Velux Residential

Join the team protecting VELUX

We are looking for an Operational Cybersecurity Specialist to help strengthen our security operations capabilities and support the continued development of our modern MDR setup.

This is a hands-on role for someone who enjoys working close to real security events, threat detection, and incident response. You will be part of a team that plays a central role in protecting VELUX, while also helping us improve how we monitor, investigate, and respond to threats across the organisation.

We are building a modern security operations environment based on the Microsoft security stack, with a strong focus on threat hunting, detection engineering, automation, and continuous improvement. You will work closely with colleagues across cybersecurity, infrastructure, cloud, and application teams.

The role can be based in either Kolding or Hørsholm. Some travel should be expected.

What you will be doing

As an Operational Cybersecurity Specialist, you will help us detect and respond to threats across the enterprise environment. Your work will include both day-to-day operational security tasks and contributions to improving our long-term security operations capabilities.

Your responsibilities will include:

  • Owning the end-to-end collaboration with our third-party European SOC, and acting as SME

  • Conducting proactive threat hunting to identify suspicious or malicious activity that may not be detected through standard controls

  • Supporting incident response activities, including triage, investigation, containment, recovery, and lessons learned

  • Developing, tuning, and maintaining detections and analytics to improve visibility and reduce false positives

  • Working with KQL to investigate incidents, support threat hunting, and improve detection logic

  • Contributing to the development and maturity of our MDR setup based on Microsoft technologies such as Sentinel and Defender

  • Supporting automation and auto-remediation initiatives to improve response speed and reduce manual effort

  • Working with detections as code and infrastructure as code principles to help create scalable and repeatable security operations practices

  • Supporting offensive security activities carried out by third parties, such as penetration tests, red team exercises, and technical assessments

  • Helping translate findings from incidents and offensive engagements into practical improvements to detections, processes, and operational readiness

  • Collaborating with teams across cybersecurity, infrastructure, cloud, and applications to strengthen logging, telemetry, and response capabilities

What we are looking for

We are looking for someone who is curious, analytical, and comfortable working in a hands-on operational security role. You do not need to know everything from day one, but you should have a solid foundation in security operations and a genuine interest in developing further.

We expect that you bring:

  • Experience from a role in security operations, SOC, incident response, or a similar hands-on cybersecurity function

  • Good understanding of threat detection, investigation, and threat hunting in enterprise environments

  • Experience working with SIEM and EDR/XDR technologies

  • Practical knowledge of the Microsoft security ecosystem, ideally including Microsoft Sentinel and Microsoft Defender

  • Experience using KQL for log analysis, investigation, or detection development

  • Familiarity with attacker techniques and frameworks such as MITRE ATT&CK

  • Interest in or experience with automation, detections as code, and infrastructure as code

  • Strong communication and collaboration skills, and the ability to work effectively across technical teams

  • A structured and calm approach when handling incidents or working under pressure

It would be an advantage if you also have experience with one or more of the following:

  • Network, Windows, or Unix forensics

  • Identity security, including Entra ID, Conditional Access, or PIM

  • Vulnerability management

  • Scripting or automation using PowerShell, Python, or similar

  • Certifications such as SC-200 or AZ-500

What kind of person will thrive in this role

This role will suit someone who enjoys combining operational security work with continuous improvement. You are likely someone who takes ownership, asks questions, and looks for ways to make detection and response more effective.

You work well with others, communicate clearly, and are motivated by making a visible difference to the security of the organisation.

Why join us

This is an opportunity to be part of building and maturing a modern security operations capability in a large enterprise environment. Your work will have a direct impact on how we detect threats, respond to incidents, and strengthen our overall security posture.

If you are looking for a role where you can contribute both operationally and strategically to the development of security operations, this could be a strong next step.
