Support the team in analyzing and defending against cyber attacks in our Cyber Detection and Response Center (CDRC)
Operate SIEM and XDR systems for our CDRC customers – with a strong focus on Microsoft security technologies
Deep onboarding into CDRC technologies and processes
Specialization in Microsoft Defender XDR and Microsoft Sentinel
Rotating analysis tasks across various detection and response systems
Design, develop and tune use cases for Microsoft Sentinel
Threat hunting in Microsoft Defender and Microsoft Sentinel
Initiate response measures to mitigate cyber attacks
Create and optimize playbooks using Azure Logic Apps in Microsoft Sentinel
Create and maintain workbooks in Microsoft Sentinel for reporting and visualization
Close client contact for regular coordination with customers’ security teams
Execute internal projects and further specialize in deployed technologies
Level 1 & 2 analyses to support our forensics team during compromise assessments
Develop, implement and optimize detection mechanisms within the Microsoft ecosystem
Automate security processes using Microsoft Logic Apps and SOAR capabilities
Mentor colleagues with less professional experience
Requirements
Minimum 2–3 years of professional experience in building and/or operating Security Operations Centers (SOC) or in related areas, with demonstrable Microsoft security expertise
Deep knowledge of Microsoft Defender XDR: detection, investigation and response across the Defender ecosystem
Strong hands-on experience with Microsoft Sentinel (SIEM/SOAR): operation, configuration and monitoring
Use case design and tuning: ability to create, optimize and adapt detection rules to customer environments
Threat hunting experience – proactive searching for threats in logs and data
Hands-on experience with playbooks and workbooks in Microsoft Sentinel
Knowledge of automation with Azure Logic Apps (SOAR functionality in Sentinel)
Solid foundation across core IT domains (networking, operating systems & basic scripting)
Excellent spoken and written German and English
Analytical, structured and independent working style
Strong customer and service orientation and willingness to take responsibility within the team
Entrepreneurial thinking and acting
Microsoft certifications are a strong plus: SC-200 (Microsoft Security Operations Analyst) – desired