ZEISS

Security Operations Engineer (SIEM/SOAR)

Hungary FULL TIME Remote Friendly

The Brief

“Security Operations Engineer (SIEM/SOAR) at ZEISS. Skills: SIEM, SOAR, Detection engineering, Response automation, MITRE ATT&CK alignment. Shape and continuously evolve the detection and response capabilities at the heart of our Cyber Defense Center. Ensure that our security platforms deliver meaningful, actionable insights”

What You'll Achieve.

  • Strengthen our overall detection and response posture
  • Enable the organization to react quickly and decisively to emerging cyber threats
  • Achieve high-quality alerting, detection and response capability
  • Improve signal-to-noise ratio and reduce false positives
  • Automate and orchestrate incident response actions
  • Continuously improve detection coverage and response automation

Industry & Context.

Problems you'll solve

Analytical and problem-solving abilities

What They're Looking For.

Must Have

  • Several years of hands-on experience in detection engineering, SOC engineering, or security operations
  • Experience in building, tuning, and maintaining SIEM and EDR analytic rules in production environments
  • Experience creating custom queries, searches, dashboards, and reports to support SOC operations
  • Solid understanding of log sources, event parsing, normalization, and enrichment
  • Ability to design and implement SOAR playbooks to automate enrichment, triage, and response workflows
  • Competence in writing queries, correlation rules, and analytics using SIEM query languages (e.g., KQL, SPL, AQL) and common detection frameworks (e.g., Sigma)
  • Ability to translate threat intelligence and adversary behavior into effective detection use cases
  • Capability to align detections and response logic with MITRE ATT&CK, emerging threats, and real-world attack patterns
  • Working knowledge of APIs and integrations for connecting SIEM, SOAR, EDR, and other security tools
  • Technical documentation skills and the ability to produce clear runbooks and detection content documentation
  • Structured, detail-oriented working style with analytical and problem-solving abilities

Nice to Have

  • Scripting and automation skills (e.g., Python, PowerShell) are a plus
  • Fluent German is a plus

What You'll Do.

  • Shape and continuously evolve the detection and response capabilities at the heart of our Cyber Defense Center
  • Ensure that our security platforms deliver meaningful, actionable insights, turning threat intelligence, adversary behavior, and incident lessons learned into effective detection logic and automated response workflows
  • Define and document detection use cases aligned with CDC priorities, threat intelligence, and MITRE ATT&CK techniques
  • Stay informed about current attack patterns to fine-tune detection use cases based on emerging threats, TTPs, and incident lessons learned
  • Maintain and modify SIEM and EDR analytic rules across the detection lifecycle
  • Fine-tune analytic rules to improve signal-to-noise ratio and reduce false positives
  • Design, configure, and maintain SOAR response playbooks to automate and orchestrate incident response actions
  • Manage watchlists, reference sets, and exception lists used by analytic rules and playbooks
  • Manage user accounts and permissions for the SIEM system and related detection tooling
  • Create custom queries, searches, and reports to support investigations, hunting, and operational reporting
  • Assist SOC analysts with analysis and troubleshooting of integrations, analytic rules and alert behavior
  • Collaborate with Threat Intelligence, SOC, CIRT, and platform teams to continuously improve detection coverage and response automation

How You'll Work.

Team & Collaboration

  • Work in close collaboration with SOC, CIRT, threat intelligence, platform engineering, and external service providers
  • Collaborate with Threat Intelligence, SOC, CIRT, and platform teams to continuously improve detection coverage and response automation
  • Work in a team of excellent teammates with a supportive lead who collaborate to guide and support your professional development from day one
  • Work in dynamic and interdisciplinary teams

Full Job Description

Your Role

As Security Operations Engineer (SIEM/SOAR), you shape and continuously evolve the detection and response capabilities at the heart of our Cyber Defense Center. You ensure that our security platforms deliver meaningful, actionable insights, turning threat intelligence, adversary behavior, and incident lessons learned into effective detection logic and automated response workflows. In close collaboration with SOC, CIRT, threat intelligence, platform engineering, and external service providers, you help strengthen our overall detection and response posture and enable the organization to react quickly and decisively to emerging cyber threats.

  • Define and document detection use cases aligned with CDC priorities, threat intelligence, and MITRE ATT&CK techniques.
  • Stay informed about current attack patterns to fine-tune detection use cases based on emerging threats, TTPs, and incident lessons learned.
  • Maintain and modify SIEM and EDR analytic rules across the detection lifecycle.
  • Fine-tune analytic rules to improve signal-to-noise ratio and reduce false positives.
  • Design, configure, and maintain SOAR response playbooks to automate and orchestrate incident response actions.
  • Manage watchlists, reference sets, and exception lists used by analytic rules and playbooks.
  • Manage user accounts and permissions for the SIEM system and related detection tooling.
  • Create custom queries, searches, and reports to support investigations, hunting, and operational reporting.
  • Assist SOC analysts with analysis and troubleshooting of integrations, analytic rules and alert behavior.
  • Collaborate with Threat Intelligence, SOC, CIRT, and platform teams to continuously improve detection coverage and response automation.

Your Profile

  • Degree in Computer Science, IT Security, or a related field, or equivalent work experience.
  • Several years of hands-on experience in detection engineering, SOC engineering, or security operations.
  • Strong drive to achiev


How to Apply on Workday

  • Workday has a multi-step form — save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
  • Job requisition numbers are useful when following up with HR by email.
