Security Operations Lead

3 days ago


Madrid, Barcelona, Spain · Aily Labs · Full-time


Mission

Join Aily Labs as the founding Security Operations Lead and architect the next generation of security operations from first principles. You will design and build our Security & Governance Agentic Observability Platform—a state-of-the-art system that leverages AI agents to autonomously detect, investigate, and respond to threats while orchestrating holistic governance across our entire security ecosystem. This is not about traditional SIEM and SOC operations—this is about building an AI-native platform that eliminates L1/L2 toil, operates 24/7 autonomously, and redefines what security operations means in an AI-first.

Role
As the Security Operations Lead, you will architect and build Aily's AI-native security operations capability. You will reimagine how security operations work in an AI-first company, moving beyond traditional human-driven models to autonomous, intelligent systems that operate continuously at scale. You will collaborate closely with Platform Security Engineers to build the foundation, then lead a dedicated team to operationalize and evolve the system.

We are looking for candidates with deep expertise in at least 2 of the areas below:

- Security Platform Architecture:

• Understand how to build large-scale security platforms that process and correlate data from across modern technology stacks

• Know how to design systems that ingest telemetry from diverse sources (cloud, applications, infrastructure, identity, endpoints) and make it queryable, actionable, and contextually rich

• Think in terms of relationships and context—understanding how security data connects to assets, identities, ownership, and business impact

• Have experience architecting observability platforms, data pipelines, or detection systems that operate at scale

• Can mentor engineers and build teams that understand platform thinking, not just tool configuration

- Detection Engineering & Threat Understanding:

• Expert at defining what matters in security, distinguishing signal from noise.

• Understand attacker tactics, techniques, and procedures deeply enough to design detection strategies that identify real threats, misconfigurations, policy violations, and anomalies across complex environments

• Know how to write detection logic, tune detection systems, and continuously improve true positive rates

• Understand our threat landscape and can translate risk into actionable detection and response strategies

• Think in terms of workflows, from initial detection through investigation to resolution, and can design effective response patterns that balance automation with human judgment.

- Security Operations & Automation:

• Understand modern security operations deeply, including incident response, alert triage, threat hunting, and remediation

• Believe much of traditional SOC work can and should be automated

• Know how to design intelligent automation that eliminates repetitive work while maintaining high-quality security outcomes

• Understand when to automate fully, when to keep humans in the loop, and how to design escalation patterns for complex decisions

• Can build systems that operate continuously and autonomously, integrating preventative controls with reactive response capabilities

• Think holistically across the security domain: endpoint, cloud, vulnerability management, compliance, and governance

Your profile

Experience: 5+ years in Security Operations, Detection Engineering, Security Data Engineering, Platform Engineering, or related roles building large-scale security systems, OR equivalent demonstrated skills in building autonomous security platforms.

If you have strong skills but less experience, we encourage you to apply. We value your ability to build AI-native systems and think in first principles over years in role.

Must-Have Skills:

• Strong systems thinking and ability to architect complex, autonomous systems that operate at scale

• Security operations depth - Deep understanding of security operations (detection, response, incident management), even if you believe traditional SOC models are broken

• Large-scale data systems - Experience building data pipelines, working with large datasets, and designing observability platforms (familiarity with graph databases, time-series databases, or data lakes is a strong plus)

• AI/ML platform thinking - Understanding of how AI agents work, how to orchestrate independent systems, and how to design agent workflows and decision logic

• Detection logic expertise - Expertise in designing detection strategies, writing detection rules (YARA, Sigma, KQL, or similar), and understanding attacker TTPs (MITRE ATT&CK)

• Cloud security knowledge - Strong understanding of AWS and/or GCP security services, logging architecture, and cloud-native monitoring

• Software engineering mindset - You write code to build platforms, not just configure existing tools; you think like a platform engineer

• Team leadership - Proven experience leading, building, or scaling security operations teams

AI-First Mindset: You'll leverage AI tools daily to maximize your efficiency and impact. You believe AI agents are the future of security operations.

Ownership: You'll own your domain end-to-end. Your scope of ownership will be smaller or larger depending on your level, but you're expected to own it completely—from design to delivery to maintenance. If you prefer to be told what to do, this isn't the right environment for you.

Nice to Have

• Experience with graph databases (Neo4j, Amazon Neptune, TigerGraph) or building security knowledge graphs

• Hands-on experience with AI agent frameworks (LangChain, AutoGen, CrewAI) or building autonomous agent systems

• Background in security data engineering, including experience with large-scale observability platforms (Datadog, Elastic, custom-built)

• Experience with vector databases and semantic search for security use cases

• Deep understanding of threat modeling methodologies and risk-based detection prioritization

• Proven experience building or leading SOC teams, even if you want to reinvent the model

• High-growth tech company experience, especially in AI/ML environments

• Security certifications like SANS/GIAC (GCIH, GCIA, GCTI), CISSP, or AWS Security Specialty

• Background in offensive security (penetration testing, red teaming) or threat intelligence

• Experience with SOAR platforms or security automation at scale

Who are we?

Founded in 2020 in Munich, we are a rapidly expanding scale-up in the B2B SaaS area. We've already assembled a super innovative, smart and fun team of 320+ highly motivated employees around our offices in Munich, Barcelona, Madrid, Cluj and New York. At Aily Labs, we have the bold mission to democratize AI. Our groundbreaking product is an AI-powered mobile app that uses cutting-edge GenAI and traditional ML to unlock valuable business insights and give personalized recommendations. Our aim? Disrupting the way corporate entities operate, paving the way for the world's first AI decision intelligence platform that enables faster, simpler and smarter decision-making across the entire value chain, aiming towards full Agentic automation of key business goals.

What sets us apart?

• Be part of an internationally diverse team that prioritizes security in an innovative, fast-paced environment

• Work in an AI-first company where using AI to solve problems is expected and encouraged, not discouraged

• Contribute to the development of high-quality, secure software that drives sustainable customer value

• Enjoy the flexibility of remote work, continuous growth, and dedicated training resources to support your professional development
