
Cyber Security Specialist - Threat Detection Engineer (f/m/d)

Deutsche Börse Group

Frankfurt

On site

EUR 55.000 - 90.000

Full-time

4 days ago

Summary

An established industry player is looking for a Cyber Security Specialist to enhance threat detection capabilities. In this pivotal role, you'll assess the organization's security posture, develop detection logic, and collaborate with various teams to optimize security measures. Your expertise in threat management frameworks and strong problem-solving skills will be crucial in identifying and mitigating evolving threats. Join a dynamic team that values collaboration and innovation, and contribute to protecting critical information assets in a highly regulated environment. This is a fantastic opportunity to make a significant impact in the field of cyber security.

Qualifications

  • Solid IT security background with knowledge of threat detection.
  • Experience in CERT or SOC teams is a plus.

Responsibilities

  • Assess security posture against evolving threats and propose enhancements.
  • Develop detection use cases based on MITRE ATT&CK.
  • Collaborate with Red and Blue Teams to refine detection strategies.

Skills

Threat Detection
Security Monitoring Technologies
Cyber Threat Management
Problem-Solving Skills
Scripting (Python, Bash, Perl)
Collaboration

Education

Bachelor's Degree in Cyber Security or related field
Technical Certifications (GIAC, OSCP, CEH)

Tools

SIEM
EDR
JIRA
JIRA Service Manager

Job description

Cyber Security Specialist - Threat Detection Engineer (f/m/d)

The Group Security department directly contributes to the execution of the Deutsche Börse Group's information security strategy. As a central service provider for the Group entities, Group Security is responsible for protecting information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on relevant regulatory requirements and following the international standard ISO/IEC 27000-series on the Information Security Management System.

Your area of work:

The Cyber Defense Framework team operates in close cooperation with CERT, SOC, Threat Intelligence, and Cyber Analytics teams (responsible for SIEM use case implementation). The team is responsible for defining requirements, setting strategic goals, and conducting maturity evaluations to enhance threat detection capabilities. This includes defining threat landscapes, Purple Teaming, Threat Hunting, and Threat Management structured against MITRE.

We are seeking a Threat Detection Engineer to improve threat landscape analysis, use case coverage, and detection efficacy. The candidate will assess current detection capabilities, identify gaps, and develop new detection logic to address evolving threats. Collaboration with security teams to analyze attack trends, optimize security use cases, and improve threat visibility across on-premises and cloud environments is essential.

Your responsibilities:

  • Assess the organization’s security posture against evolving threats and propose enhancements.
  • Develop and refine detection use cases based on MITRE ATT&CK and real-world attack scenarios.
  • Map existing detections to attack frameworks to identify coverage gaps.
  • Develop advanced detection logic and algorithms to identify suspicious activity or threats.
  • Perform detection gap assessments across network, endpoint, cloud, and application layers.
  • Understand threat scenarios and actor techniques to perform red team/penetration testing and suggest remediations.
  • Profile threat actors and understand their operations.
  • Translate threat actor tactics into defensive strategies and threat hunting procedures.
  • Support remediation of external threats by understanding attack methods.
  • Collaborate with Red and Blue Teams to refine detection and response strategies.

Your profile:

  • Solid IT security background with broad knowledge of threat detection and security monitoring technologies (e.g., SIEM, EDR, Cloud Security).
  • Strong understanding of cyber threats and detection measures.
  • Familiarity with cyber threat management frameworks, especially MITRE ATT&CK.
  • Deliverable-oriented with strong problem-solving skills, adaptable to complex, highly regulated environments.
  • Team player willing to collaborate across locations.
  • Experience in CERT or SOC teams and threat detection investigations is a plus.
  • Good report-writing skills for threat modeling exercises.
  • Scripting skills (e.g., Python, Bash, Perl) are advantageous.
  • Experience with JIRA and JIRA Service Manager is beneficial.
  • Technical certifications in Red Teaming, Penetration Testing, Purple Teaming, or Threat Hunting (e.g., GIAC, OSCP, CEH) are a plus.
  • Experience with public cloud platforms (GCP preferred, Azure, AWS).
  • Proficiency in English; French or German skills are a plus.