Detection Engineering & Response Lead
New
Based in GermanyFull-TimeLead
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
- Experience
- 6+ years
- Required Skills
- SQLKubernetesLinux
Requirements
- 6+ years of experience in security operations, detection engineering, or incident response, including leadership or mentoring responsibilities.
- Strong hands-on experience in cloud-native environments such as Kubernetes, Linux-based systems, and containerized infrastructure.
- Deep expertise in detection engineering, including writing and tuning rules in SIEM platforms (e.g., Splunk, Elastic, Chronicle) and working with SQL.
- Experience designing and operating SOAR systems and automating security response workflows at scale.
- Solid understanding of threat intelligence frameworks such as MITRE ATT&CK, Kill Chain, and Pyramid of Pain, and their practical application in detection.
- Strong incident response expertise, including forensic analysis, log investigation, network traffic analysis, and post-incident reviews.
- Experience coordinating cross-functional stakeholders during high-severity security incidents.
- Ability to define and enforce security processes while balancing operational and regulatory requirements.
- Familiarity with security tooling such as eBPF-based detection systems or runtime security solutions is a plus.
- Background in threat hunting or experience securing large-scale distributed systems is an advantage.
- Strong leadership, communication, and stakeholder management skills in complex technical environments.
Responsibilities
- Lead the design, development, and continuous improvement of detection engineering strategies across cloud and bare-metal environments.
- Build and maintain high-quality detection rules and logic across SIEM platforms, ensuring strong MITRE ATT&CK coverage and low false-positive rates.
- Develop and scale incident response processes, including scoping, containment, forensic analysis, root cause identification, and post-incident reporting.
- Architect and optimize Security Operations workflows, including automation and SOAR pipelines for efficient threat response.
- Integrate threat intelligence into detection systems and response playbooks, mapping adversary behaviors and emerging TTPs.
- Lead and coordinate security incident response activities across engineering, compliance, legal, and leadership stakeholders.
- Define, track, and report key security metrics such as MTTD, MTTR, detection coverage, and operational effectiveness.
- Build and maintain scalable tooling, runbooks, and operational processes to support a growing security organization.
- Mentor and guide a small team of security engineers and analysts while contributing hands-on to complex security challenges.
- Collaborate closely with engineering teams to ensure security is embedded into infrastructure and platform design.
View Full Description & ApplyYou'll be redirected to the employer's site