via Indeed · June 5, 2026 · 8 days ago

Detection Engineer

Allianz
Madrid · Full-time · Remote

About the Job

Join the Allianz Cyber Defense Center (ACDC) as part of our growing Detection Engineering team. You'll design and build the detection logic that powers our 24/7 monitoring across Google SecOps (Chronicle) and CrowdStrike Falcon, sitting at the intersection of threat intelligence and security operations. Your work will directly shape what we see — and what we catch — across one of the world's largest financial services groups.

What you do

  • Own the full detection use case lifecycle: from L1 (threat concept) through L2 (attack vector) to L3 (production-ready monitoring rule).

  • Design, develop, and maintain detection content in Google SecOps (YARA-L) and CrowdStrike Falcon, aligned with our logging telemetry.

  • Map detections to the MITRE ATT&CK framework, continuously assessing coverage and performing gap analyses to prioritize new use cases.

  • Tune detections iteratively to minimize false positives while preserving fidelity — a key KPI for ACDC.

  • Write clear use case specification documents covering systems in scope, logging requirements, threat descriptions, and expected analyst response.

  • Collaborate closely with SOAR / automation engineers and CTI to ensure detections feed cleanly into playbooks and reflect current threat reporting.

  • Validate detections through purple-team exercises and adversary emulation (Atomic Red Team, Caldera) using a Detection-as-Code mindset.

What you bring

  • 3+ years of hands-on experience in detection engineering, SOC engineering, threat hunting, or a closely related security operations role.

  • Demonstrable experience writing and tuning detection content in a modern SIEM (Google SecOps / Chronicle YARA-L preferred; Splunk SPL, Sentinel KQL, or Elastic EQL also valued).

  • Working knowledge of EDR platforms, ideally CrowdStrike Falcon (custom IOAs, event search, Falcon Query Language).

  • Strong, practical understanding of the MITRE ATT&CK framework and how to apply it to detection design and coverage analysis.

  • Solid grasp of attacker tradecraft across Windows, Linux, cloud (AWS / Azure / GCP), and identity (Active Directory, Entra ID).

  • Comfort with at least one scripting or query language (Python, PowerShell, SQL, regex) and familiarity with Detection-as-Code workflows (Git, CI/CD).

  • Clear written communication in English (team working language) — you can explain why a detection exists, what it catches, and how an analyst should triage it.

What we offer

  • We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad.

  • We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).

  • From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.

  • Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.

About Allianz Technology

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform and innovate the infrastructure, applications and services together with Allianz companies to co-create the best customer experience.

We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks and security, to application platforms ranging from workplace services to digital interaction.

In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at: www.linkedin.com/company/allianz-technology.

Commitment to Integrity, Fairness & Inclusion

Allianz Group is one of the most trusted insurance and asset management companies in the world. Caring for our employees, their ambitions, dreams and challenges, is what makes us a unique employer. Together we can build an environment where everyone feels empowered and has the confidence to explore, to grow and to shape a better future for our customers and the world around us.

We at Allianz believe in a strong inclusive culture that encourages people to speak their minds, get involved and question the status quo. We are proud to be an equal opportunity employer and encourage you to bring your whole self to work, no matter where you are from, what you look like, who you love, or what you believe in. We therefore welcome applications regardless of race, ethnicity or cultural background, age, gender, nationality, religion, social class, disability, sexual orientation, or any other characteristics protected under applicable local laws and regulations.

To Recruitment Agencies

Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agencies or search firm recruiters.

When we do work with recruitment agencies, that engagement is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate was ultimately employed by Allianz.

100164 | Computer and Technology Engineering | Professional / Senior | Non-Executive | Allianz Technology | Full-time | Permanent
