Information Security Engineer - SOC Service Coordinator (f/m/d)
DBG CERT is looking for a highly motivated Security Engineer whose responsibility will be to ensure that the initial triage and analysis of cyber threats, reported by our SIEM solution to SOC L1 and L2 analysts, is performed in a timely fashion and in accordance with DBG quality standards as well as with regulators' requirements and contractual agreements (e.g., SLA response/resolution time) with our internal customers. In this position, you will also be responsible for identifying and proposing improvements to SOC/CERT runbooks as well as tuning SIEM use cases to reduce the risk of false positives and false negatives, and hence improve incident management escalation and handling.
Your responsibilities:
- Identify and propose adjustments/improvements on SOC runbooks based on false positives, tuning of SIEM use cases, and audit findings.
- Engage with internal IT functions to fill identified gaps (e.g., lack of details in asset inventory) in the alert handling process.
- Identify and propose adjustments/improvements on SIEM use cases based on false positives reported by SOC and audit findings.
- Perform quality checks and end-to-end testing of SOC runbooks.
- Prepare for audits (evidence/requests handling) and attend audit sessions.
- Participate in regular calls with the SOC Service Manager.
- Participate in Blue/Red team exercises to test and improve monitoring and response capabilities.
Your profile:
- Solid experience in a CERT or SOC team with SIEM alert handling, workflow design, and runbook preparation.
- Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence and analysis of security events, log data, and network traffic.
- Expert working knowledge of technical and organizational aspects of information security, through prior defensive or offensive work experience.
- Solid understanding of cyber threats and the MITRE ATT&CK framework.
- Deliverable-oriented, with strong problem-solving skills and adaptability in complex and highly regulated environments.
- Team player willing to cooperate with colleagues across multiple locations in a cross-cultural environment.
- Good report-writing skills to present findings of investigations.
- Availability during working hours (Mon-Fri) plus on-call duty.
- Fluent in spoken and written English, including security terminology; proficiency in German is a plus.
Strong assets:
- Willingness and ability to lead complex cybersecurity investigations supporting the CERT lead.
- Experience in developing automation of CERT/SOC processes via SOAR solutions.
- Experience with Red Teaming and Purple Teaming exercises.
- Background in Malware Analysis, Digital Forensics, and Cyber Threat Intelligence.
- Experience in Threat Hunting, leveraging intelligence data to proactively identify and investigate suspicious behavior.
- Script development skills (e.g., Python, Shell scripting).
- Cloud security expertise, primarily in GCP and Azure.
- Vulnerability handling and management.
- Relevant industry certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA (Security+, Cloud+, PenTest+), OSCP, eLearnSecurity are desirable.