Company hidden
Posted 2 days ago

Staff Security Engineer (Cybersecurity)

Work format: hybrid
Employment type: full-time
Grade: senior
English: B2
Country: Germany
Relocation: Germany
Listing from Hirify RU Global, a list of companies with Eastern European roots.

Job description


TL;DR

Staff Security Engineer (SOC/Threat Detection): architecting and scaling security monitoring and threat detection capabilities for a global food delivery platform, with an emphasis on Detection as Code and automated triage workflows. The focus is on building scalable log pipelines, implementing SIEM/SOAR infrastructure, and integrating Cyber Threat Intelligence.

Location: Hybrid in Berlin, Germany (minimum 2 days a week in office). Relocation support is available.

Company

A pioneering global local delivery platform operating in around 65 countries, specializing in food delivery and quick commerce.

What you will do

  • Architect, implement, and scale security log management on AWS, and SIEM/SOAR infrastructure on Google SecOps.
  • Drive a "Detection as Code" approach, ensuring rules (e.g., YARA-L) and automated enrichments are version-controlled and deployed via CI/CD.
  • Establish and integrate Cyber Threat Intelligence (CTI) capabilities mapped to the MITRE ATT&CK framework.
  • Design high-fidelity alert workflows to automate the gathering and enrichment of security events before escalation to CSIRT.
  • Act as a technical leader and mentor for detection engineers and regional security teams.
  • Define and track operational metrics like MTTD and Alert Fidelity to identify gaps and guide strategic investments.

Requirements

  • 7+ years of broad cybersecurity experience, including 5+ years specifically in SOC or Threat Detection Engineering.
  • Deep architectural expertise with Google SecOps (Chronicle), EDR platforms, and Cloud infrastructure (AWS/GCP).
  • Proven experience with Git/GitHub and CI/CD pipelines for infrastructure and automation as code.
  • Strong background in operationalizing CTI and building scalable alert triage processes to reduce false positives.
  • Operational experience with Identity Providers (Okta, Entra ID, Google Workspace) and EDR (CrowdStrike, SentinelOne, Defender).
  • Must be based in or able to relocate to Berlin, Germany.

Nice to have

  • Experience managing intelligence platforms like MISP and translating raw IOCs/TTPs into detection logic.
  • Operational knowledge of regulatory and compliance frameworks such as PCI DSS, GDPR, NIS2, DORA, or MAS TRM.
  • Industry certifications such as AWS Certified Security, GCIA, GCDA, GMON, or CISSP.
  • Experience integrating AI/LLM capabilities and Model Context Protocol (MCP) into SOAR for automated triage.

Culture & Benefits

  • Hybrid working model with access to a modern Berlin campus.
  • 27 days of holiday, with additional days granted based on tenure.
  • €1,000 educational budget, language courses, and access to Udemy Business.
  • Health checkups, meditation, and subsidies for gym and bicycles.
  • Comprehensive financial package including Employee Share Purchase Plan, corporate pension, and life/accident insurance.
  • Digital and food vouchers alongside various corporate discounts.
