Security Operations Engineer (PID0632/0633)

This is a remote position. Security Operations Engineer (PID0632/0633) ISRC SAO Contract / Freelance Full-time Remote with travel readiness required (Germany) Start: 29/06/2026 About the role We are seeking a Security Operations Engineer to join the Information Security, Risk and Compliance function of a large internal platform programme in the energy sector. Working within a cloud-native, hybrid platform environment, you will design and build the SecOps tooling ecosystem, develop detection capabilities and support incident response activities as the programme scales towards a structured 24x7 security operations capability. What you'll be doing Designing and building SecOps tooling covering SIEM, SOAR, vulnerability detection and management, EDR, logging pipelines and user behaviour analytics Developing architectural patterns and solution designs for the security tool ecosystem Evaluating and integrating new tools and platforms to strengthen detection, response and automation capabilities Building and maintaining scalable data ingestion, correlation and alerting workflows for advanced detection and response Coordinating with operational engineers to jointly maintain SecOps workflows and ensure platform reliability Building automation scripts, playbooks and workflows in SOAR tooling to enhance response efficiency and reduce analyst workload Designing and building an internal SecOps product providing detection and response capabilities for vulnerabilities, threats and security events Integrating with the internal observability product and broader corporate SOC capabilities Providing technical management during incidents, including tooling behaviour, data quality and engineering fixes Developing, testing and operationalising detection capabilities based on evolving threats and platform telemetry Creating and maintaining detection-as-code artefacts such as Sigma rules, YARA, KQL queries and static analysis rules Validating detection quality through adversary simulation, purple-teaming or continuous tuning

Requirements

What you'll need 5+ years of experience in security operations, engineering and cloud security tooling Engineering background in SIEM/SOAR, EDR platforms, log ingestion, telemetry pipelines, scripting (Python, PowerShell, Go) and cloud-native security tooling Experience with infrastructure-as-code, CI/CD toolchains and container orchestration (Kubernetes) Experience with threat modelling, detection engineering frameworks, TTP matrices and MITRE ATT&CK Experience creating architectural diagrams, interface specifications and onboarding guidelines Experience with logging and detection solutions for cloud architecture Fluent English, spoken and written (C1 minimum) Desirable Experience with Wazuh Familiarity with observability platforms and OpenTelemetry Background in SOC Analyst Tier 1-3 roles or understanding of security operations centres Knowledge of security frameworks including BSI, ISO 27001 and MITRE ATT&CK Experience with GCP or other public cloud providers DFIR or blue team certifications (CySA+, GIAC, GCIH, BTL) Kubernetes security experience (CKS or CNCF related)

Benefits

Als Freiberufler / Auftragnehmer bei uns genießen Sie flexible Arbeitszeiten und die Freiheit, Ihre eigenen Projekte zu wählen. Unsere Plattform bietet Ihnen Zugang zu spannenden Projekten in verschiedenen Branchen und unterstützt Sie bei Ihrer beruflichen Entwicklung. Sie profitieren von einer attraktiven Vergütung und einem engagierten Team, das Ihnen bei Fragen zur Seite steht. Arbeiten Sie unabhängig und nutzen Sie unser starkes Netzwerk, um Ihre beruflichen Ziele zu erreichen.