Security Operations Engineer (PID0632/0633)

This is a remote position.

Security Operations Engineer (PID0632/0633) ISRC SAO

Contract / Freelance

Full-time

Remote with travel readiness required (Germany)

Start: 29/06/2026

About the role

We are seeking a Security Operations Engineer to join the Information Security, Risk and Compliance function of a large internal platform programme in the energy sector. Working within a cloud-native, hybrid platform environment, you will design and build the SecOps tooling ecosystem, develop detection capabilities and support incident response activities as the programme scales towards a structured 24x7 security operations capability.

What you'll be doing

Designing and building SecOps tooling covering SIEM, SOAR, vulnerability detection and management, EDR, logging pipelines and user behaviour analytics

Developing architectural patterns and solution designs for the security tool ecosystem

Evaluating and integrating new tools and platforms to strengthen detection, response and automation capabilities

Building and maintaining scalable data ingestion, correlation and alerting workflows for advanced detection and response

Coordinating with operational engineers to jointly maintain SecOps workflows and ensure platform reliability

Building automation scripts, playbooks and workflows in SOAR tooling to enhance response efficiency and reduce analyst workload

Designing and building an internal SecOps product providing detection and response capabilities for vulnerabilities, threats and security events

Integrating with the internal observability product and broader corporate SOC capabilities

Providing technical management during incidents, including tooling behaviour, data quality and engineering fixes

Developing, testing and operationalising detection capabilities based on evolving threats and platform telemetry

Creating and maintaining detection-as-code artefacts such as Sigma rules, YARA, KQL queries and static analysis rules

Validating detection quality through adversary simulation, purple-teaming or continuous tuning

Requirements

What you'll need

5+ years of experience in security operations, engineering and cloud security tooling

Engineering background in SIEM/SOAR, EDR platforms, log ingestion, telemetry pipelines, scripting (Python, PowerShell, Go) and cloud-native security tooling

Experience with infrastructure-as-code, CI/CD toolchains and container orchestration (Kubernetes)

Experience with threat modelling, detection engineering frameworks, TTP matrices and MITRE ATT&CK

Experience creating architectural diagrams, interface specifications and onboarding guidelines

Experience with logging and detection solutions for cloud architecture

Fluent English, spoken and written (C1 minimum)

Desirable

Experience with Wazuh

Familiarity with observability platforms and OpenTelemetry

Background in SOC Analyst Tier 1-3 roles or understanding of security operations centres

Knowledge of security frameworks including BSI, ISO 27001 and MITRE ATT&CK

Experience with GCP or other public cloud providers

DFIR or blue team certifications (CySA+, GIAC, GCIH, BTL)

Kubernetes security experience (CKS or CNCF related)

Benefits

Als Freiberufler / Auftragnehmer bei uns genießen Sie flexible Arbeitszeiten und die Freiheit, Ihre eigenen Projekte zu wählen. Unsere Plattform bietet Ihnen Zugang zu spannenden Projekten in verschiedenen Branchen und unterstützt Sie bei Ihrer beruflichen Entwicklung. Sie profitieren von einer attraktiven Vergütung und einem engagierten Team, das Ihnen bei Fragen zur Seite steht. Arbeiten Sie unabhängig und nutzen Sie unser starkes Netzwerk, um Ihre beruflichen Ziele zu erreichen.