Job Description:

In order to support our international Incident Response Team, Airbus Defence and Space is looking for a

Detection & Automation Engineer (d/f/m)

A mission critical part for us in order to secure our world-class business. This is a technical, hands-on role that will work with a variety of security tools and technologies protecting our whole enterprise.

The successful candidate will be responsible for managing the entire lifecycle of our detection rules repository and SOC automation stack. You will be responsible for technical evolution of our SOC blueprint and managing enhancement projects to integrate new features and solutions into our Security Operation Centers (SOC).

This role is also available with reduced weekly hours and an adapted scope of tasks.

Your location

Our site is just a stone's throw away from Munich, the beautiful capital of Bavaria. Are you into sports and other outdoor activities? The Alps and Lake Starnberg are within an hour’s reach, offering a multitude of recreational options.

Your benefits

• Attractive salary and special payments

• 30 days paid vacation and extra days-off for special occasions

• Excellent upskilling opportunities and great international, group wide development prospects

• Special benefits: employer-funded pension, employee stock options, discounted car leasing, special conditions for insurances, subsidies for public transport, employee benefits at cooperating companies

• On-site-facilities: Kindergarten close to the site, medical officer for check-ups and other health-related services, canteen and cafeteria, gym

• Compatibility of family & work (job sharing, part-time models, flexible working hours, individual timeout)

• Working in a diverse environment, with more than 140 nationalities, where every voice is heard

Your tasks and responsibilities

• Assist in the development and fine-tuning of detection rules and alerts for monitoring security systems (e.g., SIEM, EDR).

• Contribute in the specification of telemetry log sources and data normalization for its processing in Cyber Detection.

• Develop tools and techniques to identify patterns and anomalies in network traffic, system logs, and application data that could indicate security incidents (Threat Hunting).

• Implement adversary emulation tests to assess the quality of the detection rules

• Participate in supporting the Incident Resposne Team in investigation and analysis of potential security incidents and vulnerabilities.

• Collaborate with senior engineers to develop and implement remediation strategies based on the investigation findings.

• Document and report incidents, detailing the nature of the event, steps taken for remediation, and future prevention strategies.

• Collaboration in the improvement of our CTI Processes and tools.

• Digestion and process of CTI feeds.

• Support threat intelligence operationalization  efforts.

• Work closely with other security teams (e.g., red team, application security) to improve threat detection and response strategies.

• Supporting the definition and execution of Purple Teaming activities, to improve the Cyber Detection and Response capabilities.  

• Help document processes, playbooks, and technical documentation related to threat detection, response,.

• Contribute to internal training sessions on threat detection methodologies and best practices.

• Participate actively in the development and implementation of tools and artifacts to support the Security Operations activities, within the scope of the Detection Engineering Team.

• Integrate different components to provide optimizations in the day to day of the Operational Teams, and enhance the company’s Cyber Resilience.

• Stay informed on the latest security trends, threats, and vulnerabilities, continually building knowledge in the cyber threat landscape.

• Participate in workshops, training, and certifications to enhance skills in cyber detection and response.

Desired skills and qualifications

• Understanding of security tools such as EDR, Windows Logging,  firewalls, intrusion detection/prevention systems (IDS/IPS)..

• Deep knowledge of Operating System insights (Windows/Linux)

• Knowledge of security frameworks (e.g., MITRE ATT&CK) and common attack vectors.

• Experience with Python is a requirement, PowerShell/Bash are a plus.

• Understanding of DevOps, git..

• Analytical Skills: Ability to investigate and analyze security events, developing detailed reports on findings and proposed solutions.

• This role may involve collaboration with different cybersecurity teams across Europe to improve the organization’s overall security posture, with a focus on incident detection and response strategies.

• Fluent written and spoken English are a must.

Not a 100% match? No worries! Airbus supports your personal growth with customized development solutions.

Take your career to a new level and apply online now!

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Employment Type:

-------

Experience Level:

Job Family:

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.