Join a global leader in medical education, innovation, and research, where your expertise helps shape the future of security operations. You will play a key role in automating and advancing security processes, ensuring scalable and efficient protection for a diverse and international organization dedicated to improving patient care.

• Develop and maintain automated SOC Level 1 and Level 2 runbooks and playbooks using Logic Apps, Power Automate, and AI Foundry components
• Engineer detection rules, workbooks, and playbooks in Microsoft Sentinel and Microsoft XDR platforms
• Integrate and optimize Microsoft Defender for Endpoint, Identity, Cloud, and Office 365 within the XDR framework
• Apply AI-driven threat detection and response using Microsoft Copilot for Security and related tools
• Collaborate with internal teams and external partners to embed security into CI/CD pipelines and IT delivery models
• Provide SOC Level 3 support for complex incidents, including forensic analysis and threat containment
• Contribute to the DevSecOps organization
• Support the implementation of an ISO 27000-aligned ISMS and assist with governance and compliance efforts

• Bachelor's degree in Information Technology, Computer Science, or related field
• 5 years of professional experience in a relevant field
• At least 2 years of hands-on experience with SOC Level 1 and Level 2 operations and Level 3 incident response
• Programming skills in Python or Powershell
• Deep familiarity with Microsoft security products, including Microsoft Sentinel, Defender XDR components, and KQL
• Strong understanding of Azure infrastructure, identity, and security architecture
• Understanding of security baselining, network hardening, and zero trust principles
• Ability to work in a cross-functional DevSecOps environment
• Fluency in English; fluency in German or other languages is an added value
• Preferred: Microsoft certifications in security technologies (e.g., SC-200, SC-300)
• Preferred: Experience with agentic AI standards and responsible AI practices
• Preferred: Familiarity with governance models and risk assessment frameworks
• Preferred: Understanding of structured threat intelligence and enrichment workflows
• Preferred: Familiarity with MITRE ATT&CK mapping and detection coverage assessments
• Preferred: Familiarity with detection-as-code pipelines and version control systems
• Preferred: Familiarity with Web Application Firewall (WAF) principles and rule tuning

• An interesting and varied job in an innovative organization
• Opportunity to be part of a highly committed international team
• Modern infrastructure
• High degree of flexibility regarding working hours and location (depending on operational requirements)
• Generous package of social benefits, including supplementary vacation days and pension scheme contributions
• Internal skills training opportunities and support for continued education