Detection Engineering & Response Lead

New
Based in GermanyFull-TimeLead
Salary not disclosed
Apply NowOpens the employer's application page

Job Details

Experience
6+ years
Required Skills
SQLKubernetesLinux

Requirements

  • 6+ years of experience in security operations, detection engineering, or incident response, including leadership or mentoring responsibilities.
  • Strong hands-on experience in cloud-native environments such as Kubernetes, Linux-based systems, and containerized infrastructure.
  • Deep expertise in detection engineering, including writing and tuning rules in SIEM platforms (e.g., Splunk, Elastic, Chronicle) and working with SQL.
  • Experience designing and operating SOAR systems and automating security response workflows at scale.
  • Solid understanding of threat intelligence frameworks such as MITRE ATT&CK, Kill Chain, and Pyramid of Pain, and their practical application in detection.
  • Strong incident response expertise, including forensic analysis, log investigation, network traffic analysis, and post-incident reviews.
  • Experience coordinating cross-functional stakeholders during high-severity security incidents.
  • Ability to define and enforce security processes while balancing operational and regulatory requirements.
  • Familiarity with security tooling such as eBPF-based detection systems or runtime security solutions is a plus.
  • Background in threat hunting or experience securing large-scale distributed systems is an advantage.
  • Strong leadership, communication, and stakeholder management skills in complex technical environments.

Responsibilities

  • Lead the design, development, and continuous improvement of detection engineering strategies across cloud and bare-metal environments.
  • Build and maintain high-quality detection rules and logic across SIEM platforms, ensuring strong MITRE ATT&CK coverage and low false-positive rates.
  • Develop and scale incident response processes, including scoping, containment, forensic analysis, root cause identification, and post-incident reporting.
  • Architect and optimize Security Operations workflows, including automation and SOAR pipelines for efficient threat response.
  • Integrate threat intelligence into detection systems and response playbooks, mapping adversary behaviors and emerging TTPs.
  • Lead and coordinate security incident response activities across engineering, compliance, legal, and leadership stakeholders.
  • Define, track, and report key security metrics such as MTTD, MTTR, detection coverage, and operational effectiveness.
  • Build and maintain scalable tooling, runbooks, and operational processes to support a growing security organization.
  • Mentor and guide a small team of security engineers and analysts while contributing hands-on to complex security challenges.
  • Collaborate closely with engineering teams to ensure security is embedded into infrastructure and platform design.
View Full Description & ApplyYou'll be redirected to the employer's site
View details
Apply Now