Security Operations Engineer (f/m/d)
GMX, WEB.DE & mail.com · Karlsruhe, Baden-Württemberg, Germany
- On site
- Full-time
- €70,000 / year
- Karlsruhe, Baden-Württemberg, Germany
This role may have been filled. Drop your résumé and we'll check if it's still open — or find you similar roles.
Job highlights
- Secure leading digital products like WEB.DE and GMX.
- Design and improve security operations processes and tools.
- Lead incident response and manage security incidents.
- Automate detection and response workflows with scripts.
- Analyze technical issues using forensics and log analysis.
About the role
Security Operations Engineer
Are you passionate about cybersecurity and blue team topics like threat hunting, anomaly detection, and incident response? Do you thrive in an agile environment and want to contribute to a leading digital company? Join us as a Security Operations Engineer and help secure our products: WEB.DE, GMX, and mail.com! In this role, you’ll be at the heart of our operational security.
Innovate and Enhance
Design and continuously improve processes and tools in key areas such as SIEM, cyber threat intelligence, threat hunting, vulnerability management, and digital forensics – helping us maintain a real-time understanding of our threat landscape.
Lead Incident Response
Triage security alerts and take the lead as Incident Manager / Commander during confirmed incidents, coordinating cross-functional teams under pressure.
Automate Workflows
Automate detection and response workflows, leveraging established platforms like SIEM or EDR/XDR, as well as your own custom scripts and playbooks.
Technical Analysis
Perform in-depth technical analyses, including log analysis and digital forensics.
24/7 Coverage
Participate in our on-call rotation, ensuring 24/7 security coverage when needed.
Your Profile
Do you have a technical degree or equivalent education, and a passion for cybersecurity? Have you already gained hands-on experience in the field? Then we’re looking forward to your application!
Expertise
Strong knowledge of common security operations tools and processes—such as SIEM, cyber threat intelligence, vulnerability management, or forensic tools—and staying current with best practices and standards (e.g., NIST, FIRST, MITRE ATT&CK). Relevant certifications (e.g., OSCP, GCIA, GCIH) are a plus, but not required.
Technical Foundation
Solid technical foundation with a deep understanding of networks, communication protocols, operating systems, and web-based distributed architectures. Continuous Learning: Commitment to continuous learning and regularly sharpening your skills in IT infrastructure and security. Familiarity with modern practices such as DevSecOps, Continuous Delivery, Detection as Code, or Infrastructure as Code.
Hands-On Skills
Comfortable writing scripts or code in at least one language (solid Python knowledge is a plus) using Git-based workflows.
Team Player
Excellent communication skills (English level at least C1) and the ability to guide and align stakeholders.
Our Benefits
- Lived corporate culture: Flat hierarchies, a culture of respect and appreciation, signatories of the Diversity Charter, open communication, and no dress code.
- Wide range of further training: Internal and external training opportunities, LinkedIn Learning, language courses, talent development programs, conferences, and mentoring.
- TEC-Campus: Free choice between Linux, Mac, or Windows, slack days, conferences, lecture series, courses, open-source projects, community meetups, and user groups.
- Active health care: Wellpass, free internal sports and fitness classes, health days, family & care support services, discounts at fitness centers, mental health first responder, fresh fruit, and drinks for free.
- Mobility: Subsidy for job bike leasing, job ticket, and relocation service if you live outside Germany.
- Flexible working models: Home office options, flexible working hours, and 30 days of vacation with the option for additional unpaid leave.
- Financial benefits: Corporate benefits, company pension scheme, capital-forming benefits, occupational disability insurance, and various partner discounts.
- Events: Summer and winter parties, sports tournaments, and team events.
Key skills/competency
- Security Operations Engineer
- Cybersecurity
- Blue Team
- Threat Hunting
- Incident Response
- SIEM
- Vulnerability Management
- Digital Forensics
- Python Scripting
- MITRE ATT&CK
Skills & topics
- Security Operations Engineer
- Cybersecurity
- Blue Team
- Threat Hunting
- Incident Response
- SIEM
- Vulnerability Management
- Digital Forensics
- Python
- Network Security
How to get hired
- Tailor your resume: Highlight cybersecurity experience, SIEM, threat hunting, and incident response skills.
- Showcase technical skills: Emphasize scripting (Python), network knowledge, and OS understanding.
- Demonstrate passion: Mention continuous learning, relevant certifications, and DevSecOps familiarity.
- Prepare for interviews: Be ready to discuss incident scenarios and technical analysis methods.
- Network internally: Connect with current employees on LinkedIn to understand company culture.
Technical preparation
Behavioral questions
Frequently asked questions
- What are the primary responsibilities of a Security Operations Engineer at GMX, WEB.DE & mail.com?
- As a Security Operations Engineer, you will be responsible for designing and improving security operations processes, leading incident response, automating detection and response workflows, performing technical analyses like log analysis and digital forensics, and participating in a 24/7 on-call rotation. Your work directly contributes to securing products like WEB.DE, GMX, and mail.com.
- What technical skills and experience are essential for this Security Operations Engineer role?
- Essential technical skills include strong knowledge of SIEM, cyber threat intelligence, vulnerability management, and forensic tools, along with best practices like NIST and MITRE ATT&CK. A solid foundation in networks, protocols, operating systems, and web architectures is crucial. Proficiency in scripting languages like Python and familiarity with Git-based workflows are highly valued for automating tasks.
- Does GMX, WEB.DE & mail.com offer opportunities for professional development in cybersecurity?
- Yes, the company offers a wide range of further training, including internal and external opportunities, LinkedIn Learning, language courses, talent development programs, and conference attendance. This commitment to continuous learning ensures you can sharpen your IT infrastructure and security skills.
- What is the work environment like for a Security Operations Engineer at this company?
- The work environment is described as agile, with flat hierarchies, a culture of respect and appreciation, and open communication. The company is a signatory of the Diversity Charter and has no dress code, promoting a comfortable and collaborative atmosphere.
- Are there remote work options for the Security Operations Engineer position?
- The company offers flexible working models, including home office options and flexible working hours, indicating a degree of flexibility for employees. However, participation in a 24/7 on-call rotation may require specific on-site availability or robust remote support infrastructure.
- What kind of benefits can I expect as a Security Operations Engineer?
- Benefits include comprehensive healthcare (Wellpass, fitness classes, health days), mobility subsidies (job bike leasing, job ticket), financial benefits (company pension, disability insurance), and various events like parties and team-building activities. Employees also receive 30 days of vacation.