Security Operations Engineer (SIEM/SOAR)

Descripción del puesto:

# Your Role

As Security Operations Engineer (SIEM/SOAR), you shape and continuously evolve the detection and response capabilities at the heart of our Cyber Defense Center. You ensure that our security platforms deliver meaningful, actionable insights âEUR" turning threat intelligence, adversary behavior, and incident lessons learned into effective detection logic and automated response workflows. In close collaboration with SOC, CIRT, threat intelligence, platform engineering, and external service providers, you help strengthen our overall detection and response posture and enable the organization to react quickly and decisively to emerging cyber threats.

- Define and document detection use cases aligned with CDC priorities, threat intelligence, and MITRE ATT&CK techniques.

- Stay informed about current attack patterns to finetune detection use cases based on emerging threats, TTPs, and incident lessons learned.

- Maintain and modify SIEM and EDR analytic rules across the detection lifecycle.

- Finetune analytic rules to improve signal to noise ratio and reduce false positives.

- Design, configure, and maintain SOAR response playbooks to automate and orchestrate incident response actions.

- Manage watchlists, reference sets, and exception lists used by analytic rules and playbooks.

- Manage user accounts and permissions for the SIEM system and related detection tooling.

- Create custom queries, searches, and reports to support investigations, hunting, and operational reporting.

- Assist SOC analysts with analysis and troubleshooting of integrations, analytic rules and alert behavior.

- Collaborate with Threat Intelligence, SOC, CIRT, and platform teams to continuously improve detection coverage and response automation.

Your Profile

- Degree in Computer Science, IT Security, or a related field, or equivalent work experience.

- Several years of handsâEUR'on experience in detection engineering, SOC engineering, or security operations.

- Strong drive to achieve high quality alerting, detection and response capability with MITRE ATT&CK alignment, emerging threats developments, and realâEUR'world attack patterns.

- Experience in building, tuning, and maintaining SIEM and EDR analytic rules in production environments.

- Experience creating custom queries, searches, dashboards, and reports to support SOC operations.

- Solid understanding of log sources, event parsing, normalization, and enrichment.

- Ability to design and implement SOAR playbooks to automate enrichment, triage, and response workflows.

- Competence in writing queries, correlation rules, and analytics using SIEM query languages (e.g., KQL, SPL, AQL) and common detection frameworks (e.g., Sigma).

- Ability to translate threat intelligence and adversary behavior into effective detection use cases.

- Capability to align detections and response logic with MITRE ATT&CK, emerging threats, and realworld attack patterns.

- Working knowledge of APIs and integrations for connecting SIEM, SOAR, EDR, and other security tools.

- Technical documentation skills and ability to produce clear runbooks and detection content documentation.

- Structured, detailâEUR'oriented working style with analytical and problemsolving abilities.

- Scripting and automation skills (e.g., Python, PowerShell) are a strong plus.

- Fluent in English; German is a plus.

What we offer
Our employees are the innovative backbone and driving force of our company. That is why you are our focus.
- Technology stack: Modern and cutting-edge technology stack with opportunities to experiment and innovate within a high-tech group
- Flexible work options: 40-60% hybrid work option to provide flexibility and work-life balance
- Additional benefits: Annual flexible benefits that include cafeteria options, private health plans, and annual reward
- Extra option: Company parking space in the underground garage of the office building can be reserved
- Contribution: Opportunity to directly contribute to the development of innovative products through software delivery
- Supportive work environment: working in a team composed of excellent teammates and a supportive lead who collaborate to guide and support professional development from day one
At ZEISS we encourage creative thinking and innovation. We work in dynamic and interdisciplinary teams and offer individual development perspectives and flexibility in organizing your work. We care about our employees and take responsibility for improving society and preserving our environment. These core values have shaped our corporate culture at ZEISS for over 175 years.
Join our inclusive and diverse #teamZEISS and enable the digital future for ZEISS and our synergy clients.

Your ZEISS Recruiting Team:Bartha Györgyi, Wenner Lili