Cyber Security Specialist - Security Engineer (f/m/d)

The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO/IEC 27000-series on the Information Security Management System.

Your area of work:

Cyber Defense Framework team operates in strict cooperation with CERT, SOC, Threat Intelligence and Cyber Analytics teams (responsible for SIEM use case implementation). Cyber Defense Framework team is responsible for a wide range of essential tasks, including defining comprehensive requirements, setting strategic goals, and conducting maturity evaluations to enhance our threat detection capabilities. This includes Threat Landscape definition, Purple Teaming, Threat Modeling and Threat Management structured against MITRE.

We are looking for a Security Engineer to enhance our threat landscape analysis, use case coverage, and detection efficacy. The ideal candidate will assess our current detection capabilities, identify gaps, and develop new detection logic in SIEM, EDR, cloud-native solutions to address evolving threats. You will work closely with security teams to analyze attack trends, optimize security use cases, and improve threat visibility across on-premises and cloud environments.

Your responsibilities:

• Assess the organization's security posture against evolving threats and propose enhancements.
• Develop and refine detection use cases in SIEM, EDR, cloud-native tools based on MITRE ATT&CK and real-world attack scenarios.
• Map existing detections to known attack frameworks to identify gaps in coverage.

• Understand threat scenarios and threat actor approach to perform red team/penetration testing exercises and suggest remediations and support closures.
• Threat actor profiling and understanding operations of threat actors.

• Conduct Threat Modeling assessments.
• Understand how external attacks happen and support remediation of external threats.
• Collaborate with Red and Blue Teams to continuously refine detection and response strategies.
• Ability to simplify and present complex technical topics to a broad audience, e.g. management, regulators, authorities and other stakeholders.
• Engagement with german and financial authorities to exchange data and knowledge in german language.

• Fluent german language skills (C1+) is a must, Proficiency in written and spoken English; French language skills will be an asset.
• Solid IT Security technical background and broad knowledge of IT and Information Security technologies especially in the frame of threat detection and security monitoring (e.g. SIEM, EDR, Cloud Security).
• Solid understanding of cyber threats and appropriate detection measures.
• Familiar with cyber threat management, esp. using MITRE ATT&CK framework.
• Deliverable-oriented, with strong problem-solving skills and adaptation on complex and highly regulated environment.
• Team player willing to cooperate with multiple colleagues across office locations.
• Good report-writing skills to present the results of a threat modelling exercise.
• Technical certification in the area of Red Teaming/Penetration Testing/Purple Teaming (e.g. GIAC, OSCP, CEH, etc.) are considered as a strong asset.
• Experienced or conversant with public cloud computing - GCP (preferred), Azure and/or AWS.