Start date:
immediately
End date:
11/2025 + option
Employment type:
Freelance
Region:
Berlin/FFM & remote
Description:
For our client we are looking, starting immediately, for a Security Operations Architect (m/f/d) SIEM, Incident Response & Log Aggregation for the expected period until 11/2025, with the option of a long-term extension. In this large greenfield project, modern technologies are used to contribute to the energy transition. The project is planned as a full-time engagement. At least 3 days per month take place on site in Frankfurt am Main or Berlin.
Note: Please refrain from applying if you do not meet all of the minimum criteria.
Project Description:
The team is building an internal platform for software product developers to accelerate the development and delivery of software products to tackle the massive challenges facing the energy sector. The Platform is a service oriented, cloud-native platform that is being built to provide application teams with self-service capabilities to develop, run and operate their software products. The Platform provides services for application infrastructure, data, service lifecycle management, application build and delivery as well as services to operate their software products. The platform is deployed as a hybrid cloud, encompassing both private cloud and selected public clouds.
Targets in that Position:
- Coordinate and consult on robust security operations with core processes
- Consult on the detection and response capabilities of the platform observability stack
- Consult with product lines to improve detection and response capabilities
Must-Have:
- Experience in designing and implementing security operations processes and frameworks for cloud infrastructures
- Experience in SIEM platforms (e.g., Splunk, Elastic) for threat detection and correlation
- Experience in Logging and detection solutions for cloud architectures
- Experience in security incident response
- Experience in detection engineering, including creating and tuning detection rules
- Experience in designing data models for log aggregation, normalization, and correlation
- Experience with security operations tooling (e.g., SOAR, EDR, IDS/IPS)
Nice-to-Have:
- Experience with cybersecurity frameworks (e.g., NIST, MITRE ATT&CK)
- Experience with private cloud and sovereign cloud platforms
- Experience with Cloud Security Posture Management (CSPM)
- Experience with Kubernetes workload visibility and protection solutions (CNAPP)
- Experience in security & compliance standards and frameworks including ISO/IEC 27001, CSA CCM, BSI Grundschutz, CSI, NIST CSF, NIST OSCAL, etc.
- Experience in sector-specific regulations (e.g. NIS2, CRA, KRITIS, BSI C5, …)
- Experience in any SOC, SIEM, EDR or XDR tooling
- Experience in Kubernetes security (CKS or CNCF related)
- Experience in related DFIR or blue team domains (CySA+, GIAC, GCIH, BTL