BWI GmbH | Germany | 50xxx, 53xxx, 51xxx Bonn, Köln | Permanent position | Full time / Home office | Published since: 12.07.2025 on stepstone.de

SIEM/SOAR Attack Vector Detection Expert (m/w/d)

Branch: Computer science, information and communication technology


As a primary digitization partner of the Bundeswehr, we provide stable, safe and efficient IT services in Germany and abroad, from basic operations to the field close to the application, and thus contribute to the continuous increase in the leadership and operational capacity of the Bundeswehr. With over 7,700 colleagues, we operate and modernise one of the largest and most complex IT infrastructures in Germany. We are looking for responsible IT specialists who are convinced that the Bundeswehr-IT will further develop in challenging digitalization projects and thus contribute to Germany's security. Together with us, you take care of the future digital capability of the Bundeswehr. The position (m/w/d) is available from now on, full time, in Bonn or Cologne.

In the Cyber Defense Center (CDC) and the Security Operations Center (SOC) of BWI, IT security analysts monitor security-relevant systems and networks and evaluate sensor systems for detecting attacks on IT infrastructures. We are part of the Competence Center IT-Security (CCITS), in which the IT, information and cyber security competencies are centralized within the CDO division of BWI. Security Engineering & Automation is part of the Cyber Defense Center and deals with (part-)automated detection of potential IT security incidents that are subsequently processed in the SOC.

Your tasks • Your profile • What we offer


Your tasks

- Independent design, configuration and administration of Linux-based IT security systems
- Responsibility and advice for security management and release planning
- Responsibility for cooperation in security projects to support the connection of new data sources to the SIEM system
- Maintenance of the rules used in the SIEM system
- Responsibility for the creation and further development of use cases in the SIEM system as well as playbooks in the SOAR system
- Responsibility for creating an operational map for your own department and the Security Operations Center to display the KPIs of use cases and playbooks
- You contribute to the optimization of processes in the field of IT security engineering & automation and are responsible for the documentation and knowledge building
- Management of use cases in the BWI-owned Use Case Management Tool and SIEM
- Normalization of log data
- Creation of small scripts for normalization and pseudonymization
- Project work in the Advanced Cyber Security Program and support of the associated project organization
- Representation of your own department and its management in defined bodies, such as project sounding boards, TownHall meetings and Communities of Interest

Your profile

- Successfully completed studies focusing on computer science/IT security or comparable training
- At least six years of experience in IT security
- Experience with SIEM and SOAR systems and architectures
- Very good knowledge of Linux and network technology
- Very good knowledge of log data, log formats and normalization of logs
- Knowledge of Python scripting and in the ELK stack area desirable
- Ready to work independently in new architectures / systems and their logs to develop use cases
- Own initiative, pronounced analytical skills, high understanding and structured work
- Good communication and team skills
- Ready to call English knowledge, German knowledge of C2 level

What we offer

- Through diverse and socially relevant tasks, we ensure Germany's IT security and sustainability
- As the primary digitization partner of the Bundeswehr, we enable and support in peace, crisis and war
- The BWI offers a market-oriented remuneration, a secure workplace and a premised and employee-funded occupational pension scheme
- We support your professional and personal training through individual measures and free access to LinkedIn Learning and the BWI Academy offers
- You can build a value balance account in order to use it later, e.g. for a sabbatical
- Mobile work is possible in numerous European countries on 20 days a year
- You will receive a digital value card that will be charged monthly and available to you
- You can lease your desired bike and calculate it with reduced gross salary conversion

Company location

BWI GmbH
89075  Bonn, Köln
Germany

The text of this ad was translated from German into English using an automatic translation system and may contain semantic and lexical errors. Therefore, it should be used for introductory purposes only. For more detailed information, see the original text of the ad at the link below.
