Cyber Security Specialist

Cyber Security Specialist - Threat Detection Engineer (f/m/d) 

Full-time | unlimited

Tracing its origins to 1585, Deutsche Börse Group has become one of the world's leading exchange organisations and an innovative market infrastructure provider. In this role, we provide investors, financial institutions and companies access to global capital markets. By creating trust in the markets of today and tomorrow we foster growth and contribute to the prosperity of future generations. Deutsche Börse Group is an international company, headquartered in Frankfurt/Main, Germany. With more than 6,700 employees, the company has a strong global presence for its customers all over the world, including Luxembourg, Prague, Chicago, London, Cork, New York and many other locations.

What's your part in all this? With your commitment you contribute to the success of our unique business model: offering a wide range of products, services and technologies, covering the entire value chain of global financial markets.

 

The Group Security department directly contributes to execution of the Deutsche Börse Group information security strategy. As a central service provider for the Group entities, Group Security is responsible to protect information assets in terms of safety, integrity, confidentiality, authenticity, and availability by enforcing information security controls based on the relevant regulatory requirements and follows the international standard ISO/IEC 27000-series on the Information Security Management System.

Your area of work:

Cyber Defense Framework team operates in strict cooperation with CERT, SOC, Threat Intelligence and Cyber Analytics teams (responsible for SIEM use case implementation). Cyber Defense Framework team is responsible for a wide range of essential tasks, including defining comprehensive requirements, setting strategic goals, and conducting maturity evaluations to enhance our threat detection capabilities. This includes Threat Landscape definition, Purple Teaming, Threat Hunting and Threat Management structured against MITRE.

 

We are looking for a Threat Detection Engineer to enhance our threat landscape analysis, use case coverage, and detection efficacy. The ideal candidate will assess our current detection capabilities, identify gaps, and develop new detection logic to address evolving threats. You will work closely with security teams to analyze attack trends, optimize security use cases, and improve threat visibility across on-premises and cloud environments. 

Your responsibilities:

• Assess the organization's security posture against evolving threats and propose enhancements.
• Develop and refine detection use cases based on MITRE ATT&CK and real-world attack scenarios.
• Map existing detections to known attack frameworks to identify gaps in coverage.
• Develop advanced detection logics and algorithms which can efficiently spot and alert of any suspicious activity or potential threats.
• Perform detection gap assessments to ensure coverage across network, endpoint, cloud, and application layers.
• Understand threat scenarios and threat actor approach to perform red team/penetration testing exercises and suggest remediations and support closures.
• Threat actor profiling and understanding operations of threat actors.
• Transpose defensive strategies and relevant threat hunting from threat actor's attack approach.
• Understand how external attacks happen and support remediation of external threats.
• Collaborate with Red and Blue Teams to continuously refine detection and response strategies.
  
   

Your profile:

• Solid IT Security technical background and broad knowledge of IT and Information Security technologies especially in the frame of threat detection and security monitoring (e.g. SIEM, EDR, Cloud Security).
• Solid understanding of cyber threats and appropriate detection measures.
• Familiar with cyber threat management, esp. using MITRE ATT&CK framework.
• Deliverable-oriented, with strong problem-solving skills and adaptation on complex and highly regulated environment.
• Team player willing to cooperate with multiple colleagues across office locations.
• Previous experience in a CERT or SOC team is considered a strong asset as well as involvement in threat detection investigations.
• Good report-writing skills to present the results of a threat modelling exercise.
• Scripting skills (e.g. Python, Bash, Perl) is considered a strong asset.
• Experience with JIRA ticketing tool and JIRA Service Manager is a strong asset.
• Technical certification in the area of Red Teaming/Penetration Testing/Purple Teaming or Threat Hunting (e.g. GIAC, OSCP, CEH, etc.) are considered as a strong asset.
• Experienced or conversant with public cloud computing - GCP (preferred), Azure and/or AWS.
• Proficiency in written and spoken English; French/German language skills will be an asset.

Deutsche Börse Group embraces an international climate, whereby diversity is universal. This is evident across the board, be it through our diverse workforce, routine responsibilities or other areas of activities and scope of application. We are looking for employees who enjoy working in a dynamic and flexible environment and are willing to put forward innovative ideas for the company. An open mindset, a proactive approach and self-motivation are prerequisites. 

We offer our employees an attractive remuneration package. Benefits include a high level of trust and autonomy in modern, centrally located workplaces where corporate culture and values are exercised regularly. 

We value diversity and therefore welcome all applications - regardless of gender, nationality, ethnic and social origin, religion/belief, disability, age, sexual orientation and identity.

Have we piqued your interest? Then we encourage you to apply now

Do you have questions about the application process or this position?

Ridhi Girdhar will gladly answer your questions. Please contact us at -

or by phone We look forward to getting to know you

Deutsche Börse Group, Human Resources

www.careers.deutsche-