IT Security Engineer (Cyber Incident Response and Threat Hunting) - CERT - Group Security (f/m/d)

Deutsche Börse AG • Frankfurt am Main, Prague

Learn. Develop. Grow. But always: Share value

Join our international team that drives positive change, united by a spirit of openness and curiosity. We empower you to have an impact and to grow – personally and professionally. With us, you work at the heart of financial systems and evolve the way markets operate. We’re excited about the future because we are the ones shaping it. Let´s do this together by sharing value!

Who we are

Who we are

Tracing its origins to 1585, Deutsche Börse Group has become one of the world’s leading exchange organisations and an innovative market infrastructure provider. In this role, we provide investors, financial institutions and companies access to global capital markets. What’s your part in all this? With your commitment you contribute to the success of our unique business model: offering a wide range of products, services and technologies for security, transparency and integrity on the markets. By creating trust in the markets of today and tomorrow we foster growth and contribute to the prosperity of future generations.

Frankfurt am Main, Prague

Your career at Deutsche Börse Group

Your area of work:
Cyber Emergency Response Team (CERT) is the central unit for Information Security Incident Response, Threat Hunting and Adversary Simulation capabilities. CERT performs his activities in strict cooperation with the Security Operation Center (SOC) and Cyber Analytics team, responsible for Cyber Threat Detection development and Intel analysis.  


Your responsibilities:
DBG CERT is looking for a highly motivated and curious Incident Response Engineer with experience in the identification, containment and mitigation of IS incidents. You will be involved in all stages of IS Incident Response as well as in the Threat Hunting program. You’re also expected to support the SOAR task force to automate detection and remediation and help us build the next generation of security operations and response platform within the Cyber Defense section. 


  • Lead cyber security incident response engagements covering incident handling and coordination, in-depth technical analysis, and investigation through to recovery
  • Develop IR initiatives that improve our capabilities to effectively respond and remediate security incidents (e.g. defining SIEM use-cases, identifying threat hunting hypothesis, promoting red-teaming activities, etc.)
  • Perform analysis of logs from a variety of sources (on-premises and cloud-based) identifying potential threats
  • Perform root cause analysis and drive implementation of containment and mitigation strategies
  • Perform post incident lessons learned, root cause analysis and incident reporting
  • Participate in Blue/Red teams exercise to test and improve our monitoring and response capabilities.
  • Build automation for response and remediation of malicious activity 
  • Recommend security measures to address cyber threats identified in a proactive-based approach
  • Help to improve the CERT process excellence by maintaining information security documentation in line with regulatory requirements


Your profile:

  • Previous experience in a CERT or SOC team as well as involvement in IS Incident investigations
  • Knowledge of cyber threats and vulnerabilities: how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic
  • Expert working knowledge of technical and organizational aspects of information security, e.g., through prior defensive or offensive work experience
  • Solid understanding of cyber threats and MITRE ATT&CK framework
  • Deliverable-oriented, with strong problem-solving skills and adaptation on complex and highly regulated environment 
  • Team player willing to cooperate with multiple colleagues across office locations in a cross-cultural environment
  • Good report-writing skills to present the findings of investigations
  • Available during the working hours (Mo-Fr) + on-call duty 
  • Fluent in spoken and written English, including security terminology; proficiency in German is a plus


Strong assets:

  • Background in Malware Analysis, Digital Forensics and/or Cyber Threat Intelligence
  • Experience in Threat Hunting including the ability to leverage intelligence data to proactively identify and iteratively investigates suspicious behaviour across networks and systems
  • Development of automation of various CERT/SOC processes via SOAR solution 
  • Development (e.g. Python, Shell scripting)
  • Cloud Security expertise (primarily GCP and Azure)
  • Vulnerability Handling / Management
  • Relevant Industry Certifications such as SANS/GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA (Security+, Cloud+, PenTest+), OSCP, eLearnSecurity are desirable.

Why Deutsche Börse Group?

We are committed to providing a work environment where everyone feels welcome and can reach their full potential. Our standards go far beyond simply matching candidates with the right position.


We enable you to move freely with our job tickets, job (e-)bikes and free parking opportunities.

Work environment

Collaboration, communication, or deep focus – in our modern office buildings you will find the perfect work environment. Free drinks and food and meal allowances included.

Health and wellbeing

We care for your health and wellbeing and besides various health promotion measures we offer you a group accident insurance and additional insurance offers at discounted rates.

Financial stability

We provide financial stability by offering attractive salaries, company pension schemes, participation in our Group Share Plan, as well as bonuses, subsidies and discounts.

Hybrid work

Collaborate and exchange on-site or work remotely several days a week in line with business needs and local regulations. Our hybrid working model combines the best of both worlds.

Flexible working hours

We want your job to fit your life situation and offer flexible working time models, part-time models, childcare allowance, or the possibility to study alongside your job.


Our market infrastructures are globally connected. Working with us means collaborating with like-minded colleagues across over 60 locations from more than 100 nations.


We promote individual development by offering internal development programmes, mentoring, further education and training budgets.

Our story

Our Story - Deutsche Börse Group in 120 Seconds
Our Story - Deutsche Börse Group in 120 Seconds
Ninwe Gourie – Campus Recruiting

Ninwe Gourie – Campus Recruiting

Are you interested in an internship, an apprenticeship or a working student job?


Our Campus Recruiting Team is looking forward to your call or e-mail.

Recruiting Team

Recruiting Team

Take your career to the next level with us and embrace new challenges!


Our Recruiting Team is looking forward to your call or e-mail.

Similar jobs
We evaluate all jobs for you in order to suggest similar jobs that match the tasks and required skills.

Ready to start your career with us?

Apply now!