Detection Engineer (/) (m/f/d)

Detection Engineering & Development: Development of new use cases and recognition rules using Threat Intelligence and the MITRE ATT&CK Framework. End-to-End Lifecycle Management: Responsibility for the entire life cycle of a detection – from conception to testing and deployment to documentation and regular re-evaluation. Tuning & Optimization: Current analysis of existing set of rules for minimizing false positives and sharpening of recognition logic. Automation (SOAR): Conception and implementation of playbooks for the automation of routine tasks and connection of internal and external interfaces (APIs) to the Google SecOps platform. Threat Hunting: Proactive search for anomalies and hidden threat patterns in the data stocks that have not yet been detected by automatic rules and deriving new detections from them. Third-level support & escalation: support of SOC analysts in evaluating complex security-relevant events and critical alarms. Detections as Code (DaC) Care: Maintenance of Detection Rules in version control systems (e.g. Git) and support in building CI/CD pipelines for testing and deployment of rules.

Complete IT-oriented training or completed technical studies (e.g. computer science, IT security, cyber security). Multiannual professional experience in the Security Operations Center (SOC) environment. Finded knowledge of pentesting, red or purple teaming for deep analysis and understanding of modern attack vectors. Expert knowledge in the detection and analysis of attack vectors in log data. Multiannual practical experience in Detection Engineering / Threat Detection. Extensive experience in the development, optimization and documentation of individual detection rules. Detectional expertise in the transfer of documented attack vectors into precise and effective detection logics. Experience in the quality assurance of Detection Use Cases (test conception, test implementation, validation). Certifications such as OSCP or comparable qualifications are advantageous. Experience with Google SecOps (former Chronicle) is a plus.

Modern working environment: In our new offices in the south of Munich (with Alpenblick), an inspiring industrial loft-style working environment awaits you at 1,500 m2, with open space, open areas as meeting places, sufficient space for project work and quiet areas for focused work. Home Office opportunity: You want to make the world safer from home office? No problem: Work flexibly with our hybrid model – 2 days in the office, 3 days remote. Of course you will get the necessary equipment for your home office. Perfect connection: Our office is within walking distance of the S7 stop Siemenswerke and the U3 Obersendling. Your fitness boost: with our partner gyms and the Urban Sports Club or We offer Hansefit the opportunity to make your multisport plan flexible from more than 50 sports and different partners. Bike-Friendly: Secure bicycle parking and showers in the building allow you to start the day. No bike? You can change this with our Jobrad program. Sustainability in focus: Our data centers run completely with eco-current and highly efficient Kyoto cooling. Our Munich office is certified according to the LEED Gold standard for sustainable construction. .