
Cyber Defense Analyst
Posted 6 days ago

This is a fully remote position, open to applicants in Germany.
• In the role of a Cyber Defense Analyst, you will be pivotal in assisting our clients with the analysis and mitigation of cyber threats at our Cyber Detection and Response Center (CDRC).
• Additionally, you will aid in the operation of SIEM and XDR systems for our CDRC clients, placing a strong emphasis on Microsoft security technologies.
• Your responsibilities will include a thorough onboarding process into the technologies and procedures utilized in the CDRC.
• You will specialize in Microsoft Defender XDR and Microsoft Sentinel.
• Expect a variety of analysis tasks across multiple detection and response systems to enhance the dynamism of your workday.
• You will design, develop, and fine-tune use cases for Microsoft Sentinel.
• Engage in threat hunting activities using Microsoft Defender and Microsoft Sentinel.
• Initiate response measures to counteract cyber attacks.
• Develop and optimize playbooks utilizing Azure Logic Apps within Microsoft Sentinel.
• Create and maintain Workbooks in Microsoft Sentinel for effective reporting and visualization.
• Maintain close contact with clients for regular collaboration with their security teams.
• Execute internal projects and further specialize in the technologies employed.
• Conduct Level 1 & 2 analyses to assist our forensics team during compromise assessments.
• Develop, implement, and fine-tune detection mechanisms within the Microsoft ecosystem.
• Automate security processes through Azure Logic Apps and SOAR capabilities.
• Enjoy a healthy work-life balance in a 24/7 shift model with incentives that significantly benefit shift work.
• Mentor less experienced colleagues.
• A minimum of 2–3 years of professional experience in constructing and/or managing Security Operations Centers (SOC) or in related fields, showcasing proven expertise in Microsoft security.
• Profound knowledge of Microsoft Defender XDR, including detection, investigation, and response across the Defender ecosystem.
• Strong familiarity with Microsoft Sentinel (SIEM/SOAR) encompassing operation, configuration, and monitoring.
• Capability in use case design and tuning, allowing for the creation, optimization, and adaptation of detection rules to suit customer environments.
• Experience in threat hunting, involving proactive searches for threats within logs and data.
• Practical experience with playbooks and workbooks in Microsoft Sentinel.
• Knowledge of automation processes using Azure Logic Apps (SOAR functionality in Sentinel).
• Solid grounding across essential IT domains, including networking, operating systems, and basic scripting.
• Excellent verbal and written skills in both German and English.
• An analytical, structured, and independent approach to thinking and working.
• Strong customer and service orientation, with a readiness to take on responsibility within a team.
• An entrepreneurial mindset and approach.
• Microsoft certifications are highly valued, particularly:
  – SC-200 (Microsoft Security Operations Analyst) — preferred.
  – SC-100 (Microsoft Cybersecurity Architect) — advantageous.
  – SC-300 (Microsoft Identity and Access Administrator) — preferred.
• 30 vacation days per year.
• Digital work equipment, including laptop and smartphone.
• Personal mentor available during onboarding.
• Opportunities to participate in company events.
• Regular professional training and development sessions.
• Location-independent work options* (remote-capable).
• Partially flexible working hours*.
• Individual company car policy.
• Company bike (Job-Rad) scheme.
• Urban Sports Club membership.
• Company pension plan.