[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-security-operations-engineer-mfd":3,"similar-security-operations-engineer-mfd":36},{"id":4,"slug":5,"title":6,"skills":7,"budget":20,"duration":21,"location":22,"onsitePercent":23,"contractType":24,"foundAt":25,"category":26,"description":30,"rawText":31,"webTitle":6,"webText":32,"language":33,"projectId":34,"sourceUrl":35},6331,"security-operations-engineer-mfd","Security Operations Engineer (m\u002Ff\u002Fd)",[8,9,10,11,12,13,14,15,16,17,18,19],"SIEM\u002FSOAR","EDR platforms","Python","PowerShell","Go","Kubernetes","CI\u002FCD","Infrastructure-as-code","Threat modelling","MITRE ATT&CK","Cloud security","Detection engineering",null,"15.06.2026 - 31.12.2026 + Option","Frankfurt am Main",50,"contracting","2026-05-27T14:27:24+00:00",{"id":27,"slug":28,"label":29},5,"it_infra_security","IT-Infrastruktur & Security","Designing and building SecOps tooling as part of the security tool ecosystem. Developing architecture patterns for SIEM, SOAR, Vulnerability Detection & Management, EDR, and logging pipelines. 
Building automation scripts and workflows to enhance response efficiency and reduce analyst workload.","Security Operations Engineer (m\u002Ff\u002Fd)\n\nFrankfurt am Main, up to 50% onsite possible\n\nStart: 15.06.2026 (ASAP)\n\nJob type:\nProject\n\nDuration:\n31.12.2026 + Option\n\nScope of work:\nfull-time - (100%)\n\nLanguages:\nEnglish\n\nID: 178739\n\nWesthouse is one of the leading international recruitment agencies for the procurement of highly qualified experts in fields such as IT lifecycle management, SAP, engineering, commerce and specialist consultancy.\n\nFor our client we are currently looking for a Security Operations Engineer (m\u002Ff\u002Fd) - Frankfurt am Main, up to 50% onsite possible.\n\nYour tasks\n\n- Designing and building SecOps tooling as part of the security tool ecosystem\n- Developing architecture patterns and solution designs for SIEM, SOAR, Vulnerability Detection & Management, EDR, logging pipelines, user behavior analytics, and other security tool categories\n- Evaluate and integrate new tools, technologies, and platforms to strengthen detection, response, and automation capabilities\n- Build and maintain scalable data ingestion, correlation, and alerting workflows to enable advanced detection and response functions.\n- Technical coordination with operational engineers to jointly maintain SecOps workflows and ensure platform reliability\n- Identify opportunities to automate repetitive tasks within security operations processes\n- Build automation scripts, playbooks, and workflows (e.g., in SOAR tools) to enhance response efficiency and reduce analyst workload.\n- Technical coordination with SOC and IR teams to translate operational needs into automated solutions.\n- Design and build an EDP-internal SecOps product to provide detection and response capabilities towards vulnerabilities, threats and further security events\n- Build state-of-the-art detection capabilities within EDP by integrating with 
the internal Observability product. Further integrate with the broader corporate SOC capabilities (e.g. by forwarding defined alerts)\n- Provide initial operations and security analysis tasks and shape the way for a structured 24x7 security operations capability\n- Provide technical management during incidents, focusing on tooling behaviour, data quality, and engineering fixes\n- Consult on the development or enhancement of detection content, correlation rules, dashboards, and data models based on incident patterns\n- Encourage IR activities with rapid instrumentation, log onboarding, and custom tooling during active security events\n- Develop, test, and operationalize new detection capabilities based on evolving threats, platform telemetry, and business requirements\n- Create and maintain detection-as-code artifacts (e.g., Sigma, YARA, KQL queries, static analysis rules)\n- Validate detection quality through adversary simulation, purple-teaming, or continuous tuning\n- Ensure rules are consistently documented, version-controlled, and validated against production data sources\n\nInterested?\n\nTobias Gollmann\n\nTel.: +49-89-383772-4135\nEmail: t.gollmann@westhouse-consulting.com\n\nYour qualifications\n\n- Experience with an engineering background in SIEM\u002FSOAR, EDR platforms, log ingestion, telemetry pipelines, scripting (Python, PowerShell, Go), and cloud-native security tooling\n- Experience with infrastructure-as-code, CI\u002FCD toolchains, and container orchestration platforms (Kubernetes)\n- Experience with threat modelling, detection engineering frameworks, developing TTP matrices, and MITRE ATT&CK\n- Experience creating architectural diagrams, interface specifications, and onboarding guidelines\n- Experience in logging and detection solutions for cloud architecture\n- Nice-to-have:\n- Experience with Wazuh\n- Experience with Observability platforms and 
OpenTelemetry\n- Experience in SOC Analyst Tier 1-3 roles or understanding of security operations centers\n- Experience in security frameworks (BSI, ISO 27001, MITRE ATT&CK, etc.)\n- Experience with GCP or another public cloud provider\n- Experience in related DFIR or blue team domains (CySA+, GIAC, GCIH, BTL)\n- Experience in Kubernetes security (CKS or CNCF related)","We are looking for an experienced Security Operations Engineer (m\u002Ff\u002Fd) for an exciting project position in Frankfurt am Main with flexible working models (up to 50% onsite possible). The position starts at the earliest possible date and initially runs until the end of 2026 with an option to extend.\n\nYour main tasks include designing and building SecOps tools as part of the security tool ecosystem. You develop architecture patterns and solution designs for SIEM, SOAR, Vulnerability Detection & Management, EDR, logging pipelines and user behavior analytics. In doing so, you evaluate and integrate new tools and technologies to strengthen detection, response and automation capabilities.\n\nA key focus is building and maintaining scalable data ingestion, correlation and alerting workflows for advanced detection and response functions. You identify automation opportunities in security operations processes and create the corresponding scripts, playbooks and workflows to increase efficiency.\n\nYour responsibilities also include technical coordination with operational teams to jointly maintain SecOps workflows and platform reliability. 
You develop modern detection capabilities through integration with internal observability products and ensure the connection to higher-level SOC functions.\n\nFurther tasks include providing security analyses, technical incident management with a focus on tooling behaviour and data quality, and developing and operationalizing new detection capabilities based on current threats and business requirements. You create detection-as-code artifacts and validate their quality through adversary simulation and continuous optimization.","en","178739","https:\u002F\u002Fwww.westhouse-group.com\u002Fen\u002Fjoblisting\u002Fsecurity-operations-engineer-m-f-d-frankfurt-am-main-up-to-50-onsite-possible\u002F",{"items":37},[38,55,72,93,106,126,140,165,183,202,224,236,257,274,292],{"id":39,"slug":40,"title":41,"skills":42,"budget":20,"duration":50,"location":51,"onsitePercent":52,"contractType":24,"foundAt":53,"category":54},6361,"netzwerkspezialist-aruba","Netzwerkspezialist Aruba",[43,44,45,46,47,48,49],"Aruba Switches","Aruba Access Points","Netzwerkkonfiguration","iServ","Backup-Systeme","Schulendgeräte","Dokumentation","50 PT","NRW",0,"2026-05-27T15:27:38+00:00",{"id":27,"slug":28,"label":29},{"id":56,"slug":57,"title":58,"skills":59,"budget":20,"duration":67,"location":68,"onsitePercent":69,"contractType":24,"foundAt":70,"category":71},6353,"linux-experte-mwd","Linux Experte (m\u002Fw\u002Fd)",[60,61,62,63,64,65,66],"Red Hat Enterprise Linux (RHEL)","Ansible","3rd Level Support","Troubleshooting","Jira","Deutsch","Englisch","12 Monate+","Köln",100,"2026-05-27T15:16:47+00:00",{"id":27,"slug":28,"label":29},{"id":73,"slug":74,"title":75,"skills":76,"budget":88,"duration":89,"location":90,"onsitePercent":69,"contractType":24,"foundAt":91,"category":92},6340,"it-operations-infra-manager-asap-6monate-onsite","IT Operations & Infra Manager \u002F ASAP \u002F 6+Monate \u002F Onsite",[77,78,79,80,81,82,47,83,84,85,86,87],"IT 
Infrastructure & Operations","Microsoft-Infrastrukturen","Active Directory","Windows Server","VPN","IT-Security","Rechenzentrumsbetrieb","Teamführung","Stakeholder-Management","IT-Prozessoptimierung","Budgetkontrolle","Verhandelbar","6 Monate +","Sachsen","2026-05-27T14:50:38+00:00",{"id":27,"slug":28,"label":29},{"id":94,"slug":95,"title":96,"skills":97,"budget":20,"duration":103,"location":20,"onsitePercent":52,"contractType":24,"foundAt":104,"category":105},6337,"unterstuetzung-eines-ausschreibungsprozesses-fuer-ein-rfid-zutritts-und-bezahlsystem","Unterstützung eines Ausschreibungsprozesses für ein RFID-Zutritts- und Bezahlsystem",[98,99,100,101,102],"RFID-Technologien","Zutrittsmanagement-Plattformen","öffentliche Ausschreibungen","herstellerneutrale Leistungsbeschreibungen","Bezahlsysteme","1 Monat","2026-05-27T14:36:19+00:00",{"id":27,"slug":28,"label":29},{"id":107,"slug":108,"title":109,"skills":110,"budget":20,"duration":20,"location":123,"onsitePercent":69,"contractType":24,"foundAt":124,"category":125},6326,"it-support-spezialist-dach-mwd","IT Support Spezialist DACH (m\u002Fw\u002Fd)",[111,112,113,114,115,116,117,118,119,120,121,122],"Cybersecurity","IT","ITIL","Informatik","Microsoft Office","Netzwerktechnik","ServiceNow","Windows","Freshservice","Incident Management","Problem Management","Change Management","Konz","2026-05-27T14:26:02+00:00",{"id":27,"slug":28,"label":29},{"id":127,"slug":128,"title":129,"skills":130,"budget":20,"duration":20,"location":20,"onsitePercent":20,"contractType":24,"foundAt":138,"category":139},6283,"interim-leitung-it-wmd","Interim Leitung IT (w\u002Fm\u002Fd)",[131,132,80,133,82,134,135,136,137,65,66],"IT-Führung","Microsoft Active Directory","IT-Infrastruktur","Budgetmanagement","Lizenzmanagement","Vertragsmanagement","Stakeholder 
Management","2026-05-27T12:35:15+00:00",{"id":27,"slug":28,"label":29},{"id":141,"slug":142,"title":143,"skills":144,"budget":20,"duration":160,"location":161,"onsitePercent":27,"contractType":162,"foundAt":163,"category":164},6278,"administrator-ceph-ansible-proxmox-mwd-95-remote","Administrator (Ceph, Ansible, Proxmox) (m\u002Fw\u002Fd) 95% remote",[145,61,146,147,148,149,150,151,152,153,154,155,156,157,158,159],"Ceph","Proxmox","CheckMK","Prometheus","Grafana","CephFS","RBD","RGW","PostgreSQL","Debian Linux","TLS-Verschlüsselung","VLANs","Firewalls","Routing","Bonding","01.07.2026 – 31.12.2026","Frankfurt Main","permanent","2026-05-27T12:26:41+00:00",{"id":27,"slug":28,"label":29},{"id":166,"slug":167,"title":168,"skills":169,"budget":179,"duration":20,"location":180,"onsitePercent":69,"contractType":162,"foundAt":181,"category":182},6274,"netzwerktechniker-mwd-2","Netzwerktechniker (m\u002Fw\u002Fd)",[116,170,171,172,173,174,175,176,177,178],"Patching","Strukturierte Verkabelung","Glasfaser","Kupfer","CCNA","Rechenzentren","IMAC\u002FR-Services","RSA-Tokens","RMA-Prozesse","30000-40000 EUR pro Jahr","Ingolstadt","2026-05-27T12:16:24+00:00",{"id":27,"slug":28,"label":29},{"id":184,"slug":185,"title":186,"skills":187,"budget":198,"duration":20,"location":199,"onsitePercent":69,"contractType":162,"foundAt":200,"category":201},6269,"regular-technician-mwd","Regular Technician (m\u002Fw\u002Fd)",[188,189,190,191,192,193,194,116,195,196,197],"IT-Support","IT-Rollout","Field Service","Workplace Services","IT-Hardware","Clients","Peripherie","ITSM-System","Hardware-Upgrades","Softwareinstallationen","30000-36000 EUR pro Jahr","Ulm","2026-05-27T11:31:06+00:00",{"id":27,"slug":28,"label":29},{"id":203,"slug":204,"title":205,"skills":206,"budget":20,"duration":20,"location":221,"onsitePercent":69,"contractType":24,"foundAt":222,"category":223},6258,"netzwerkadministrator-mwd-4","Netzwerkadministrator 
(m\u002Fw\u002Fd)",[207,208,209,210,211,112,212,213,214,215,216,116,158,217,218,81,219,220],"Administration","Automatisierung","Consulting","Fehlerbehebung","Firewall","IT Security","LAN","Migration","Netzwerk","Netzwerkkomponenten","Security","Technischer Support","WAN","WLAN","Erfurt","2026-05-27T11:27:53+00:00",{"id":27,"slug":28,"label":29},{"id":225,"slug":226,"title":227,"skills":228,"budget":20,"duration":20,"location":233,"onsitePercent":23,"contractType":24,"foundAt":234,"category":235},6255,"systemadministrator-mwd-windows-und-linux","Systemadministrator (m\u002Fw\u002Fd) Windows und Linux",[229,80,133,230,207,231,208,232],"Linux","Monitoring","Third-Level-Support","Wartung","Gotha","2026-05-27T11:27:08+00:00",{"id":27,"slug":28,"label":29},{"id":237,"slug":238,"title":239,"skills":240,"budget":20,"duration":20,"location":254,"onsitePercent":23,"contractType":24,"foundAt":255,"category":256},6190,"network-virtualization-engineer-mwd","Network Virtualization Engineer (m\u002Fw\u002Fd)",[241,242,243,244,245,246,247,248,249,250,61,251,252,211,253,158],"NFV","SDN","BGP","OSPF","VLAN","NAT","IPv4\u002FIPv6","VyOS","SONiC","OVN","APIs","Datenmodellierung","Load Balancing","Hamburg","2026-05-27T08:25:48+00:00",{"id":27,"slug":28,"label":29},{"id":258,"slug":259,"title":260,"skills":261,"budget":20,"duration":20,"location":254,"onsitePercent":23,"contractType":24,"foundAt":272,"category":273},6170,"berater-informationssicherheit-mwd","Berater Informationssicherheit 
(m\u002Fw\u002Fd)",[262,263,264,265,266,267,268,269,270,271],"BSI-Standards","IT-Grundschutz","Schutzbedarfsanalyse","Risikoanalyse","Sicherheitskonzepte","Risikomanagement","HiScout","verinice","BSI-Grundschutzpraktiker","Projektmanagement","2026-05-27T07:26:06+00:00",{"id":27,"slug":28,"label":29},{"id":275,"slug":276,"title":277,"skills":278,"budget":20,"duration":20,"location":288,"onsitePercent":69,"contractType":289,"foundAt":290,"category":291},6169,"werkstudent-it-administration-mwd","Werkstudent IT-Administration (m\u002Fw\u002Fd)",[207,118,279,280,281,282,283,284,285,286,287],"IT-Administration","DATEV","Lexware","Cisco","Sophos","Nagios","PRTG","Fehleranalyse","Netzwerkmanagement","Oststeinbek","temp_work","2026-05-27T07:25:53+00:00",{"id":27,"slug":28,"label":29},{"id":293,"slug":294,"title":295,"skills":296,"budget":304,"duration":20,"location":305,"onsitePercent":69,"contractType":289,"foundAt":306,"category":307},6164,"systemadministrator-mwd-10","Systemadministrator (m\u002Fw\u002Fd)",[297,298,133,299,300,301,302,303,47],"Windows-Administration","Linux-Administration","Netzwerk-Administration","Server-Administration","Virtualisierung","Systemadministration","Datensicherheit","35000-45000 EUR pro Monat","Cottbus","2026-05-27T07:16:35+00:00",{"id":27,"slug":28,"label":29}]