Key skills
AzureCyber SecurityLogic AppsWorkdayMentoringCollaboration
About this role
Role Overview
- As a Cyber Defense Analyst you will play a central role supporting our clients in the analysis and mitigation of cyber attacks in our Cyber Detection and Response Center (CDRC).
- In addition, you will support the operation of SIEM and XDR systems for our CDRC customers — with a strong focus on Microsoft security technologies.
- Specifically, you can expect the following: Deep onboarding into the technologies and processes used in the CDRC.
- Specialization in Microsoft Defender XDR and Microsoft Sentinel.
- Rotating analysis tasks across different detection and response systems to keep your workday varied and interesting.
- Design, development and tuning of use cases for Microsoft Sentinel.
- Threat hunting in Microsoft Defender and Microsoft Sentinel.
- Initiating response actions to mitigate cyber attacks.
- Creation and optimization of playbooks using Azure Logic Apps within Microsoft Sentinel.
- Creation and maintenance of Workbooks in Microsoft Sentinel for reporting and visualization.
- Close customer contact for regular collaboration with our clients' security teams.
- Execution of internal projects and further specialization in the technologies in use.
- Level 1 & 2 analyses to support our forensics team during compromise assessments.
- Development, implementation and tuning of detection mechanisms within the Microsoft ecosystem.
- Automation of security processes using Azure Logic Apps and SOAR capabilities.
- Good work–life balance in a 24/7 shift model with incentives that provide an excellent offset for shift work.
- Mentoring of less experienced colleagues.
Requirements
- At least 2–3 years of professional experience in building and/or operating Security Operations Centers (SOC) or in related fields with demonstrable Microsoft security expertise
- Deep knowledge of Microsoft Defender XDR: detection, investigation and response across the Defender ecosystem
- Strong experience with Microsoft Sentinel (SIEM/SOAR): operation, configuration and monitoring
- Use case design and tuning: ability to create, optimize and adapt detection rules to customer environments
- Threat hunting experience — proactive search for threats in logs and data
- Hands‑on experience with playbooks and workbooks in Microsoft Sentinel
- Knowledge of automation using Azure Logic Apps (SOAR functionality in Sentinel)
- Solid foundation across major IT areas (networking, operating systems and basic scripting)
- Very good German and English skills, spoken and written
- Analytical, structured and independent way of thinking and working
- High customer and service orientation and willingness to take responsibility in a team
- Entrepreneurial mindset and approach
- Microsoft certifications are a major plus: SC-200 (Microsoft Security Operations Analyst) — desired
- SC-100 (Microsoft Cybersecurity Architect) — advantageous
- SC-300 (Microsoft Identity and Access Administrator) — desired
Tech Stack
- Azure
- Cyber Security
Benefits
- 30 days of vacation per year
- Digital work equipment including laptop and smartphone
- Personal mentor during onboarding
- Participation in company events
- Regular professional training and development
- Location-independent work* (remote-capable)
- Partially flexible working hours*
- Individual company car policy
- Company bike (Job-Rad) scheme
- Urban Sports Club membership
- Company pension plan