ZEISS
Security Operations Engineer (SIEM/SOAR)
Neural analysis suggests this role is optimal for Mid candidates.
“Security Operations Engineer (SIEM/SOAR) at ZEISS. Skills: SIEM, SOAR, Detection engineering, Response automation. Evolve detection and response capabilities. Ensure security platforms deliver insights”
What You'll Achieve.
Strengthen overall detection and response posture; Enable quick and decisive reaction to threats; Achieve high quality alerting; Achieve high quality detection; Achieve high quality response capability
Industry & Context.
Analytical abilities; Problem-solving abilities
What They're Looking For.
Must Have
Detection engineering experience, SOC engineering experience, Security operations experience, SIEM analytic rules, EDR analytic rules, Custom queries, Searches, Dashboards, Reports, Log sources understanding, Event parsing understanding, Normalization understanding, Enrichment understanding, SOAR playbooks design, SOAR playbooks implementation, SIEM query languages, Common detection frameworks, Threat intelligence translation, Adversary behavior translation, Detection use cases alignment, MITRE ATT&CK alignment, Emerging threats alignment, Real-world attack patterns alignment, APIs, Integrations, Technical documentation skills
Nice to Have
Scripting skills, Automation skills, Python, PowerShell, Fluent in German
What You'll Do.
Evolve detection and response capabilities
Ensure security platforms deliver insights
Turn threat intelligence into detection logic
Turn incident lessons into automated workflows
Define detection use cases
Document detection use cases
Stay informed about attack patterns
Finetune detection use cases
Maintain SIEM analytic rules
Modify SIEM analytic rules
Maintain EDR analytic rules
Modify EDR analytic rules
Finetune analytic rules
Design SOAR playbooks
Configure SOAR playbooks
Maintain SOAR playbooks
Manage reference sets
Manage exception lists
Manage SIEM user accounts
Manage SIEM permissions
Create custom queries
Create custom searches
Create custom reports
Troubleshoot integrations
Troubleshoot analytic rules
Troubleshoot alert behavior
Improve detection coverage
Improve response automation
How You'll Work.
Team & Collaboration
Collaborate with SOC; Collaborate with CIRT; Collaborate with threat intelligence; Collaborate with platform engineering; Collaborate with external service providers; Collaborate with platform teams
Communication Scope
Technical documentation skills
Full Job Description
# Your Role

As Security Operations Engineer (SIEM/SOAR), you shape and continuously evolve the detection and response capabilities at the heart of our Cyber Defense Center. You ensure that our security platforms deliver meaningful, actionable insights – turning threat intelligence, adversary behavior, and incident lessons learned into effective detection logic and automated response workflows. In close collaboration with SOC, CIRT, threat intelligence, platform engineering, and external service providers, you help strengthen our overall detection and response posture and enable the organization to react quickly and decisively to emerging cyber threats.

- Define and document detection use cases aligned with CDC priorities, threat intelligence, and MITRE ATT&CK techniques.
- Stay informed about current attack patterns to finetune detection use cases based on emerging threats, TTPs, and incident lessons learned.
- Maintain and modify SIEM and EDR analytic rules across the detection lifecycle.
- Finetune analytic rules to improve signal to noise ratio and reduce false positives.
- Design, configure, and maintain SOAR response playbooks to automate and orchestrate incident response actions.
- Manage watchlists, reference sets, and exception lists used by analytic rules and playbooks.
- Manage user accounts and permissions for the SIEM system and related detection tooling.
- Create custom queries, searches, and reports to support investigations, hunting, and operational reporting.
- Assist SOC analysts with analysis and troubleshooting of integrations, analytic rules and alert behavior.
- Collaborate with Threat Intelligence, SOC, CIRT, and platform teams to continuously improve detection coverage and response automation.

# Your Profile

- Degree in Computer Science, IT Security, or a related field, or equivalent work experience.
- Several years of hands‑on experience in detection engineering, SOC engineering, or security operations.
- Strong drive to achiev
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.