Job Information
Siemens Cyber Defense Center Detection Engineer for Operational Technology (OT) (m/f/d) in Madrid, Spain
Job Family: Cybersecurity
Req ID: 434345
The Cybersecurity Defense Center (CDC) is a global organization within Siemens consisting of regionally aligned teams across Germany, Portugal, Spain, Switzerland, United States, Mexico, and China.
CDC offers security monitoring and threat detection services. The main objective of the CDC is to attempt to keep Siemens protected by preventing the materialization of threats and minimizing any adverse reputational and financial impact. The CDC portfolio enables identification and initial response to a range of threat actors, from commodities to nation state-backed actors.
As the frontline resource for monitoring, detecting, alerting, hunting, and responding to threat actors – the CDC provides deep expertise in defending against a wide range of threat actor tactics, techniques, and procedures.
Position Overview:
In this position, the Detection Engineer for Operational Technology (OT) will be part of the CDC for Europe and will be part of the CDC OT team split between Europe and America.
Using Threat Intelligence and the visibility within the OT environment blend engineering and analysis to identify and implement use cases in detection tools.
What are my responsibilities?
Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection systems, content white/blacklists, SIEM rules) for specialized cyber defense in OT environments.
Use data sources, event pipelines, correlation and enrichment in the SIEM to create detections.
Ensure detection capabilities are developed consistent with organization-level cybersecurity architecture.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
Perform event correlation using information gathered from a variety of sources to gain situational awareness and determine the effectiveness of an observed attack.
Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
Coordinate with intelligence analysts to correlate threat assessment data.
Improve detection capabilities.
Analyze data sources to provide actionable recommendations.
Maintain Attack detection use cases and data sources.
Review adversaries’ tactics, techniques, procedures, and threat data to develop use-cases for attack detection in the OT environments.
Support threat detection and hunting using multiple kinds of data sources and develop detection analytics.
Review threat data from various sources, develop custom signatures and use-cases for attack detection.
Engineer and tune detection rules
Analyze network traffic from production environments.
Cooperate with the infrastructure team to further develop the CDC OT detection capabilities.
Knowledge of collection systems, capabilities, and processes.
What do I need to qualify for this job?
3+ years professional experience in security monitoring/security operations center environment (SOC), investigating security events, handling incidents, threats and/or vulnerabilities.
Interest in industrial cybersecurity.
Previous knowledge in OT environments preferred, but not required.
University degree in computer science, IT security or related fields and cybersecurity certifications are a plus (GCIH, GCFA, GNFA, GCTI, GREM or similar)
Strong understanding of enterprise detection & response, network traffic analysis and intrusion detection.
Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
Ability to think like threat actors.
Working knowledge of SIEM platforms with experience in use case development.
Proficient in written and spoken English.
Good interpersonal skills and attention to detail.
Other languages are a plus.
Team player, able to collaborate with others remotely.
Proactive, customer oriented, self-initiative and ability to work independently.
We are thrilled to have:
A hybrid working model with a flexible working hours policy in order to promote work life balance. A budget for setting up a home office, health insurance, possibility to have a sabbatical leave or non-paid time off and a financial support program for your studies.
You also have a medical center on the premises, sports groups, 2 days volunteering, access to e-learning platforms (Learnlight, Linkedin Learning and more) and discounts with partners.
To all these benefits we add the possibility to work in a fresh, relaxed, and always motivated environment.
We’ve got quite a lot to offer. How about you?
This role is open to be hired in Portugal and Spain. Please send your CV in English, otherwise your application will not be considered.
Siemens is committed to creating a diverse environment and is glad to be an equal opportunity employer. We strongly encourage applications from a diverse talent pool!
Securing the Future Enterprise Today. Join us!