CYBER DEFENSE CENTER DETECTION ENGINEER FOR OPERATIONAL TECHNOLOGY (OT) (M/F/D)

The Cybersecurity Defense Center (CDC) is a global organization within Siemens consisting of regionally aligned teams across Germany, Portugal, Spain, Switzerland, United States, Mexico, and China.
CDC offers security monitoring and threat detection services.
The main objective of the CDC is to attempt to keep Siemens protected by preventing the materialization of threats and minimizing any adverse reputational and financial impact.
The CDC portfolio enables identification and initial response to a range of threat actors, from commodities to nation state-backed actors.
As the frontline resource for monitoring, detecting, alerting, hunting, and responding to threat actors – the CDC provides deep expertise in defending against a wide range of threat actor tactics, techniques, and procedures.
Position Overview.
In this position, the Detection Engineer for Operational Technology (OT) will be part of the CDC for Europe and will be part of the CDC OT team split between Europe and America.
Using Threat Intelligence and the visibility within the OT environment blend engineering and analysis to identify and implement use cases in detection tools.
What are my responsibilities? Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.
., intrusion detection systems, content white/blacklists, SIEM rules) for specialized cyber defense in OT environments.
Use data sources, event pipelines, correlation and enrichment in the SIEM to create detections.
Ensure detection capabilities are developed consistent with organization-level cybersecurity architecture.
Perform analysis of log files from a variety of sources (e.
., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
Perform event correlation using information gathered from a variety of sources to gain situational awareness and determine the effectiveness of an observed attack.
Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
Coordinate with intelligence analysts to correlate threat assessment data.
Improve detection capabilities.
Analyze data sources to provide actionable recommendations.
Maintain Attack detection use cases and data sources.
Review adversaries’ tactics, techniques, procedures, and threat data to develop use-cases for attack detection in the OT environments.
Support threat detection and hunting using multiple kinds of data sources and develop detection analytics.
Review threat data from various sources, develop custom signatures and use-cases for attack detection.
Engineer and tune detection rules Analyze network traffic from production environments.
Cooperate with the infrastructure team to further develop the CDC OT detection capabilities.
Knowledge of collection systems, capabilities, and processes.
What do I need to qualify for this job? 3+ years professional experience in security monitoring/security operations center environment (SOC), investigating security events, handling incidents, threats and/or vulnerabilities.
Interest in industrial cybersecurity.
Previous knowledge in OT environments preferred, but not required.
University degree in computer science, IT security or related fields and cybersecurity certifications are a plus (GCIH, GCFA, GNFA, GCTI, GREM or similar) Strong understanding of enterprise detection & response, network traffic analysis and intrusion detection.
Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
Ability to think like threat actors.
Working knowledge of SIEM platforms with experience in use case development.
Proficient in written and spoken English.
Good interpersonal skills and attention to detail.
Other languages are a plus.
Team player, able to collaborate with others remotely.
Proactive, customer oriented, self-initiative and ability to work independently.
What makes us proud as an employer.
Top Companies to work in (by LinkedIn) World's Best Employer st place in the Engineering and Production category (by Forbes) Among the most attractive companies to work in (ranking of Universum) Company with the best reputation in the Technological/Industrial sector in (according to the Merco Empresas study) We’ve got quite a lot to offer.
How about you? This role is open to be hired in Portugal and Spain.
Please send your CV in English, otherwise your application will not be considered.
Siemens is committed to creating a diverse environment and is glad to be an equal opportunity employer.
We strongly encourage applications from a diverse talent pool! #LI-DL #hybrid