Cyber Security Specialist - Threat Detection Engineer (f/m/d)

The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO/IEC 27000-series on the Information Security Management System.

Your area of work:
Cyber Defense Framework team operates in strict cooperation with CERT, SOC, Threat Intelligence and Cyber Analytics teams (responsible for SIEM use case implementation). Cyber Defense Framework team is responsible for a wide range of essential tasks, including defining comprehensive requirements, setting strategic goals, and conducting maturity evaluations to enhance our threat detection capabilities. This includes Threat Landscape definition, Purple Teaming, Threat Hunting and Threat Modeling.

We are looking to hire a Threat Detection Engineer with strong Threat Modeling experience. The selected candidate will be in charge of providing a Threat Modeling program to DBG group and its legal entities and support Purple Team and Threat Hunting related activities. The job holder will be involved in projects aiming at delivering new service capabilities and will participate in the definition, implementation and delivery of such projects.

The main activities include but are not limited to: creating and defining a common methodology to deliver threat models, evaluation of the most important threats to IT assets and assessment of whether the coverage of use cases should be expanded, classify detection maturity for IT assets, recommend security measures to address cyber threats identified, e.g. defining SIEM use-cases and logs onboarding; developing hypothesis based on threat intelligence for Threat Hunting, hunting with usage of technology like EDR, SIEM and Cloud-based solutions.

Your responsibilities:

• Support definition of Threat Modeling program and orchestrate related activities
• Research emerging threats and vulnerabilities, perform gap analysis, and curate threat detection Use Cases
• Perform capability abstraction based on research of adversarial TTPs and build threat models and detectors
• Collaborate with threat hunters and in purple team exercises to mature the organization’s detection capabilities
• Build and maintain a threat detection library
• Responsible for in-depth threat assessment for critical assets in collaboration with product engineering teams
• Develop advanced detection logics and algorithms which can efficiently spot and alert of any suspicious activity or potential threats.
• Actively participate in threat landscape /scenario definition activity

    
    
Your profile:

• Solid IT Security technical background and broad knowledge of IT and Information Security technologies especially in the frame of threat detection and security monitoring (e.g. SIEM, EDR, Cloud Security) 
• Solid understanding of cyber threats and appropriate detection measures 
• Familiar with cyber threat management, esp. using MITRE ATT&CK framework
• Deliverable-oriented, with strong problem-solving skills and adaptation on complex and highly regulated environment
• Team player willing to cooperate with multiple colleagues across office locations 
• Previous experience in a CERT or SOC team is considered a strong asset as well as involvement in threat detection investigations 
• Good report-writing skills to present the results of a threat modelling exercise 
• Scripting skills (e.g. Python, Bash, Perl) is considered a strong asset