Security Operations Engineer (f/m/d)

Your tasks

Are you passionate about cybersecurity and blue team topics like threat hunting, anomaly detection, and incident response? Do you thrive in an agile environment and want to contribute to a leading digital company? Join us as a Security Operations Engineer and help secure our products: WEB.DE, GMX, and mail.com! In this role, you’ll be at the heart of our operational security:

• Innovate and Enhance: Design and continuously improve processes and tools in key areas such as SIEM, cyber threat intelligence, threat hunting, vulnerability management, and digital forensics – helping us maintain a real-time understanding of our threat landscape.
• Lead Incident Response: Triage security alerts and take the lead as Incident Manager / Commander during confirmed incidents, coordinating cross-functional teams under pressure.
• Automate Workflows: Automate detection and response workflows, leveraging established platforms like SIEM or EDR/XDR, as well as your own custom scripts and playbooks.
• Technical Analysis: Perform in-depth technical analyses, including log analysis and digital forensics.
• 24/7 Coverage: Participate in our on-call rotation, ensuring 24/7 security coverage when needed.

Your profile

Do you have a technical degree or equivalent education, and a passion for cybersecurity? Have you already gained hands‑on experience in the field? Then we’re looking forward to your application!

• Expertise: Strong knowledge of common security operations tools and processes—such as SIEM, cyber threat intelligence, vulnerability management, or forensic tools—and staying current with best practices and standards (e.g., NIST, FIRST, MITRE ATT&CK). Relevant certifications (e.g., OSCP, GCIA, GCIH) are a plus, but not required.
• Technical Foundation: Solid technical foundation with a deep understanding of networks, communication protocols, operating systems, and web‑based distributed architectures.
• Continuous Learning: Commitment to continuous learning and regularly sharpening your skills in IT infrastructure and security. Familiarity with modern practices such as DevSecOps, Continuous Delivery, Detection as Code, or Infrastructure as Code.
• Hands‑On Skills: Comfortable writing scripts or code in at least one language (solid Python knowledge is a plus) using Git‑based workflows.
• Team Player: Excellent communication skills (English level at least C1) and the ability to guide and align stakeholders.

Our benefits in detail

Lived corporate culture : Flat hierarchies, a culture of respect and appreciation, signatories of the Diversity Charter, open communication, and no dress code.

Wide range of further training : Internal and external training opportunities, LinkedIn Learning, language courses, talent development programs, conferences, and mentoring.

TEC-Campus : Free choice between Linux, Mac, or Windows, slack days, conferences, lecture series, courses, open‑source projects, community meetups, and user groups.

❤️ Active health care: Wellpass, free internal sports and fitness classes, health days, family & care support services, discounts at fitness centers, mental health first responder, fresh fruit, and drinks for free.