Security Operations Engineer (m/f/d)
- Frankfurt am Main, up to 50% onsite possible
- Start: 15.06.2026 (ASAP)
- 3 weeks ago
- Job type:
- Project
- Duration:
- 31.12.2026 + Option
- Scope of work:
- full-time - (100%)
- Languages:
- English
ID: 178739
Westhouse is one of the leading international recruitment agencies for the procurement of highly qualified experts in fields such as IT lifecycle management, SAP, engineering, commerce and specialist consultancy.
For our client we are currently looking for a Security Operations Engineer (m/f/d) - Frankfurt am Main, up to 50% onsite possible.
Your tasks
- Designing and building SecOps tooling as part of the security tool ecosystem
- Developing architecture patterns and solution designs for SIEM, SOAR, Vulnerability Detection & Management, EDR, logging pipelines, user behavior analytics, and other security tool categories
- Evaluate and integrate new tools, technologies, and platforms to strengthen detection, response, and automation capabilities
- Build and maintain scalable data ingestion, correlation, and alerting workflows to enable advanced detection and response functions.
- Technical coordination with operational engineers to jointly maintain SecOps workflows and ensure platform reliability
- Identify opportunities to automate repetitive tasks within security operations processes
- Build automation scripts, playbooks, and workflows (e.g., in SOAR tools) to enhance response efficiency and reduce analyst workload.
- Technical Coordination with SOC and IR teams to translate operational needs into automated solutions.
- Design and build an EDP-internal SecOps product to provide detection and response capabilities towards vulnerabilities, threats and further security events
- Build state-of-the-art detection capabilities within EDP by integrating with the internal Observability product. Further integrate with the broader corporate SOC capabilities (by e.g. forwarding defined alerts)
- Providing initial operations and security analysis tasks and shape the way for a structured 24x7 security operations capability
- Provide technical management during incidents, focusing on tooling behaviour, data quality, and engineering fixes
- Consult in development or enhancement detection content, correlation rules, dashboards, and data models based on incident patterns
- Encourage IR activities with rapid instrumentation, log onboarding, and custom tooling during active security events
- Develop, test, and operationalize new detection capabilities based on evolving threats, platform telemetry, and business requirements
- Create and maintain detection-as-code artifacts (e.g., Sigma, YARA, KQL queries, static analysis rules)
- Validate detection quality through adversary simulation, purple-teaming, or continuous tuning
- Ensure rules are consistently documented, version-controlled, and validated against production data sources
Share posting
Your qualifications
- Experience with engineering background in SIEM/SOAR, EDR platforms, log ingestion, telemetry pipelines, scripting (Python, PowerShell, Go), and cloud-native security tooling
- Experience with infrastructure-as-code, CI/CD toolchains, and container orchestration platforms (Kubernetes
- Experience with threat modelling, detection engineering frameworks, developing TTP matrixes, and MITRE ATT&CK
- Experience creating architectural diagrams, interface specifications, and onboarding guidelines
- Experience in Logging and detection solutions for cloud architecture
- Nice-to-have:
- Experience with Wazuh
- Experience with Observability platforms and Open Telemetry
- Experience in SOC Analyst Tier 1-3 roles or understanding of security operations centers
- Experience in security frameworks (BSI, ISO 27001, MITRE ATT&CK, etc.)
- Experience in GCP or public cloud provider
- Experience in related DFIR or blue team domains (CySA+, GIAC, GCIH, BTL)
- Experience in Kubernetes security (CKS or CNCF related)