Staff Security Engineer (Cybersecurity)
Job description
TL;DR
Staff Security Engineer (SOC/Threat Detection): Architecting and scaling security monitoring and threat detection capabilities for a global food delivery platform, with an emphasis on Detection as Code and automated triage workflows. Focus on building scalable log pipelines, implementing SIEM/SOAR infrastructure, and integrating Cyber Threat Intelligence.
Location: Hybrid in Berlin, Germany (minimum 2 days a week in office). Relocation support is available.
Company
A pioneering global local delivery platform operating in around 65 countries, specializing in food delivery and quick commerce.
What you will do
- Architect, implement, and scale Security Log Management on AWS, and SIEM/SOAR infrastructure using Google SecOps.
- Drive a "Detection as Code" approach, ensuring rules (e.g., YARA-L) and automated enrichments are version-controlled and deployed via CI/CD.
- Establish and integrate Cyber Threat Intelligence (CTI) capabilities mapped to the MITRE ATT&CK framework.
- Design high-fidelity alert workflows to automate the gathering and enrichment of security events before escalation to CSIRT.
- Act as a technical leader and mentor for detection engineers and regional security teams.
- Define and track operational metrics like MTTD and Alert Fidelity to identify gaps and guide strategic investments.
Requirements
- 7+ years of broad cybersecurity experience, including 5+ years specifically in SOC or Threat Detection Engineering.
- Deep architectural expertise with Google SecOps (Chronicle), EDR platforms, and Cloud infrastructure (AWS/GCP).
- Proven experience with Git/GitHub and CI/CD pipelines for infrastructure and automation as code.
- Strong background in operationalizing CTI and building scalable alert triage processes to reduce false positives.
- Operational experience with Identity Providers (Okta, Entra ID, Google Workspace) and EDR (CrowdStrike, SentinelOne, Defender).
- Must be based in or able to relocate to Berlin, Germany.
Nice to have
- Experience managing intelligence platforms like MISP and translating raw IOCs/TTPs into detection logic.
- Operational knowledge of global frameworks such as PCI-DSS, GDPR, NIS2, DORA, or MAS TRM.
- Industry certifications such as AWS Certified Security, GCIA, GCDA, GMON, or CISSP.
- Experience integrating AI/LLM capabilities and Model Context Protocol (MCP) into SOAR for automated triage.
Culture & Benefits
- Hybrid working model with access to a modern Berlin campus.
- 27 days of holiday, with additional days granted based on tenure.
- €1,000 educational budget, language courses, and access to Udemy Business.
- Health checkups, meditation, and subsidies for gym and bicycles.
- Comprehensive financial package including Employee Share Purchase Plan, corporate pension, and life/accident insurance.
- Digital and food vouchers alongside various corporate discounts.