Security Operations Engineer (f/m/d)

Are you passionate about cybersecurity and blue team topics like threat hunting, anomaly detection, and incident response? Do you thrive in an agile environment and want to contribute to a leading digital company? Join us as a Security Operations Engineer and help secure our products: WEB.DE, GMX, and mail.com! In this role, you’ll be at the heart of our operational security:

• Innovate and Enhance: Design and continuously improve processes and tools in key areas such as SIEM, cyber threat intelligence, threat hunting, vulnerability management, and digital forensics – helping us maintain a real-time understanding of our threat landscape.
• Lead Incident Response: Triage security alerts and take the lead as Incident Manager / Commander during confirmed incidents, coordinating cross-functional teams under pressure.
• Automate Workflows: Automate detection and response workflows, leveraging established platforms like SIEM or EDR/XDR, as well as your own custom scripts and playbooks.
• Technical Analysis: Perform in-depth technical analyses, including log analysis and digital forensics.
• 24/7 Coverage: Participate in our on-call rotation, ensuring 24/7 security coverage when needed.

Do you have a technical degree or equivalent education, and a passion for cybersecurity? Have you already gained hands-on experience in this field? Then we’re looking forward to your application!

• Expertise: Strong knowledge of common security operations tools and processes—such as SIEM, cyber threat intelligence, vulnerability management, or forensic tools—and staying current with best practices and standards (e.g., NIST, FIRST, MITRE ATT&CK). Relevant certifications (e.g., OSCP, GCIA, GCIH) are a plus, but not required.
• Technical Foundation: Solid technical foundation with deep understanding of networks, communication protocols, operating systems, and web-based distributed architectures.
• Continuous Learning: Commitment to continuous learning and regularly sharpening your skills in IT infrastructure and security. Familiarity with modern practices such as DevSecOps, Continuous Delivery, Detection as Code, or Infrastructure as Code.
• Hands-On Skills: Comfortable writing scripts or code in at least one language (solid Python knowledge is a plus) using Git-based workflows.
• Team Player: Excellent communication skills (English level at least C1) and the ability to guide and align stakeholders.

• Our corporate culture: No dress code, flat hierarchies, open and transparent communication
• Individual development opportunities: diverse training courses, e-learning and internal communities, language courses, mentoring
• Events: Slack Days, open source projects, meet-ups
• Relocation service: support with the relocation to Germany
• Benefits and additional services: company pension scheme, capital-forming benefits, discounts on own products, job ticket, bike leasing, corporate benefits portal
• Attractive working conditions: 30 days holiday, hybrid working, full-time and part-time arrangements, free choice between Linux, Mac or Windows
• Social: team events, summer and winter parties, family and care service, sports and fitness programmes, subsidised canteen, free fruit and drinks, health courses
• Topics that are also important to us: Sustainability, diversity and our values and leadership principles - find out more on our website mail-and-media.com