Remote Jobs Ace

Sporty Group

Purple Operations Engineer

Europe - Remote

Role brief

What this role is asking for.

Mission

Strengthen Sporty’s detection and response capability by tuning EDR, SIEM, and security monitoring platforms so they produce high-quality alerts, reduce noise, and give security teams clear signals on real threats. The Purple Operations Engineer owns the quality, coverage, and reliability of security detections across endpoint, identity, cloud, network, and application telemetry. This role works closely with Threat Intelligence, Red Team, Purple Team, SOC, Detection Engineering, and Incident Response to convert threats, incidents, and attack simulations into tuned alerts, correlation rules, dashboards, playbooks, and control checks.

What you'll be doing

Tune EDR, SIEM, and XDR detections to reduce false positives and improve alert quality.

Build and maintain detection rules, correlation searches, dashboards, watchlists, and response workflows.

Translate Red Team, Purple Team, incident, and Threat Intelligence findings into repeatable defensive checks.

Validate that EDR policies, prevention rules, logging, sensor health, and response actions work as expected.

Review noisy alerts and tune thresholds, exclusions, lookups, entity context, and suppression logic.

Support SOC analysts with clear alert descriptions, triage steps, severity logic, and escalation guidance.

Improve log coverage, parsing, field normalization, enrichment, and data quality.

Map detections to MITRE ATT

Company role signals

Sporty Group role signals.

Repeated tags across 37 active roles show the current hiring pattern.