This is a remote position.
Security Operations Engineer (PID0632/0633) ISRC SAO
Contract / Freelance
Full-time
Remote with travel readiness required (Germany)
Start: 29/06/2026
About the role
We are seeking a Security Operations Engineer to join the Information Security, Risk and Compliance function of a large internal platform programme in the energy sector. Working within a cloud-native, hybrid platform environment, you will design and build the SecOps tooling ecosystem, develop detection capabilities and support incident response activities as the programme scales towards a structured 24x7 security operations capability.
What you'll be doing
Designing and building SecOps tooling covering SIEM, SOAR, vulnerability detection and management, EDR, logging pipelines and user behaviour analytics
Developing architectural patterns and solution designs for the security tool ecosystem
Evaluating and integrating new tools and platforms to strengthen detection, response and automation capabilities
Building and maintaining scalable data ingestion, correlation and alerting workflows for advanced detection and response
Coordinating with operational engineers to jointly maintain SecOps workflows and ensure platform reliability
Building automation scripts, playbooks and workflows in SOAR tooling to enhance response efficiency and reduce analyst workload
Designing and building an internal SecOps product providing detection and response capabilities for vulnerabilities, threats and security events
Integrating with the internal observability product and broader corporate SOC capabilities
Providing technical management during incidents, including tooling behaviour, data quality and engineering fixes
Developing, testing and operationalising detection capabilities based on evolving threats and platform telemetry
Creating and maintaining detection-as-code artefacts such as Sigma rules, YARA, KQL queries and static analysis rules
Validating detection quality through adversary simulation, purple-teaming or continuous tuning
Requirements
What you'll need
5+ years of experience in security operations, engineering and cloud security tooling
Engineering background in SIEM/SOAR, EDR platforms, log ingestion, telemetry pipelines, scripting (Python, PowerShell, Go) and cloud-native security tooling
Experience with infrastructure-as-code, CI/CD toolchains and container orchestration (Kubernetes)
Experience with threat modelling, detection engineering frameworks, TTP matrices and MITRE ATT&CK
Experience creating architectural diagrams, interface specifications and onboarding guidelines
Experience with logging and detection solutions for cloud architecture
Fluent English, spoken and written (C1 minimum)
Desirable
Experience with Wazuh
Familiarity with observability platforms and OpenTelemetry
Background in SOC Analyst Tier 1-3 roles or understanding of security operations centres
Knowledge of security frameworks including BSI, ISO 27001 and MITRE ATT&CK
Experience with GCP or other public cloud providers
DFIR or blue team certifications (CySA+, GIAC, GCIH, BTL)
Kubernetes security experience (CKS or CNCF-related)
Benefits
As a freelancer / contractor with us, you enjoy flexible working hours and the freedom to choose your own projects. Our platform gives you access to exciting projects across a range of industries and supports your professional development. You benefit from attractive compensation and a dedicated team that is there to help with any questions. Work independently and use our strong network to achieve your career goals.