Cyber Security Specialist - Threat Detection Engineer (f/m/d)

The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO/IEC 27000-series on the Information Security Management System.

Your area of work:

Cyber Defense Framework team operates in strict cooperation with CERT, SOC, Threat Intelligence and Cyber Analytics teams (responsible for SIEM use case implementation). Cyber Defense Framework team is responsible for a wide range of essential tasks, including defining comprehensive requirements, setting strategic goals, and conducting maturity evaluations to enhance our threat detection capabilities. This includes Threat Landscape definition, Purple Teaming, Threat Hunting and Threat Management structured against MITRE.
 

We are looking for a Threat Detection Engineer to enhance our threat landscape analysis, use case coverage, and detection efficacy. The ideal candidate will assess our current detection capabilities, identify gaps, and develop new detection logic to address evolving threats. You will work closely with security teams to analyze attack trends, optimize security use cases, and improve threat visibility across on-premises and cloud environments. 

Your responsibilities:

• Assess the organization’s security posture against evolving threats and propose enhancements.
• Develop and refine detection use cases based on MITRE ATT&CK and real-world attack scenarios.
• Map existing detections to known attack frameworks to identify gaps in coverage.
• Develop advanced detection logics and algorithms which can efficiently spot and alert of any suspicious activity or potential threats.
• Perform detection gap assessments to ensure coverage across network, endpoint, cloud, and application layers.
• Understand threat scenarios and threat actor approach to perform red team/penetration testing exercises and suggest remediations and support closures.
• Threat actor profiling and understanding operations of threat actors.
• Transpose defensive strategies and relevant threat hunting from threat actor’s attack approach.
• Understand how external attacks happen and support remediation of external threats.
• Collaborate with Red and Blue Teams to continuously refine detection and response strategies.
   

Your profile:

• Solid IT Security technical background and broad knowledge of IT and Information Security technologies especially in the frame of threat detection and security monitoring (e.g. SIEM, EDR, Cloud Security).
• Solid understanding of cyber threats and appropriate detection measures.
• Familiar with cyber threat management, esp. using MITRE ATT&CK framework.
• Deliverable-oriented, with strong problem-solving skills and adaptation on complex and highly regulated environment.
• Team player willing to cooperate with multiple colleagues across office locations.
• Previous experience in a CERT or SOC team is considered a strong asset as well as involvement in threat detection investigations.
• Good report-writing skills to present the results of a threat modelling exercise.
• Scripting skills (e.g. Python, Bash, Perl) is considered a strong asset.
• Experience with JIRA ticketing tool and JIRA Service Manager is a strong asset.
• Technical certification in the area of Red Teaming/Penetration Testing/Purple Teaming or Threat Hunting (e.g. GIAC, OSCP, CEH, etc.) are considered as a strong asset.
• Experienced or conversant with public cloud computing - GCP (preferred), Azure and/or AWS.
• Proficiency in written and spoken English; French/German language skills will be an asset.