Detection and Response Engineer (m/f/d)

Düsseldorf, Germany

METRO/MAKRO

METRO is a partner of many small and mid-sized independent companies. Their success is our business. The group is headed by METRO AG, which acts as the central management holding company.

Company Description

METRO is a leading international food wholesaler which specialises in serving the needs of hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). Around the world, METRO has approx. 15 million customers who benefit from the wholesale company’s unique multichannel mix: customers can purchase their goods in one of the large stores in their area as well as by delivery (Food Service Distribution, FSD) – all digitally supported and connected. In parallel, METRO MARKETS is being developed as an international online marketplace for the needs of professional customers which has been growing and expanding continuously since 2019. Acting sustainably is one of the company principles of METRO which has been listed in various sustainability indices and rankings, including MSCI, Sustainalytics and CDP. METRO operates in more than 30 countries and employs over 85,000 people worldwide. In financial year 2023/24, METRO generated sales of €31 billion.

At METRO, we have set ourselves ambitious goals with our “sCore” growth strategy which is closely accompanied by our Fundamentals. These shared values provide us with rules of conduct that are binding for everyone at METRO, in all countries and companies. Our commitment to wholesale is at the forefront of our mission, and we are constantly striving to improve. With our ONE METRO spirit, everyone stands together, bringing curiosity, determination, courage, drive, commitment, and trust. Find out more about METRO at careers.metroag.de. 

Job Description

...to oversee and drive the development, maintenance, and strategic direction of Detection and Response capabilities within METRO AG. The role is a central one, responsible for defining the Security Operations Center (SOC) engineering capabilities, prioritizing features, gathering requirements, and ensuring that the SOC aligns with business objectives and related compliance and information security requirements.

You will be part of a team that is responsible for establishing METRO AG-wide Detection and Response capabilities to safeguard METRO AG's assets and to ensure timely detection of and response to cyber security threats and incidents.

Your tasks:

  • Evaluate and design cyberdefense capabilities and target architecture to ensure they align with best practices and security standards, and fit into the overall METRO AG architecture and Cyber Security strategy.
  • Collaborate with the Security Architecture team and other stakeholders to develop and maintain advanced threat detection mechanisms to protect METRO AG’s assets effectively.
  • Oversee the scope, coverage and performance of the METRO AG SOC tools and technologies, including SIEM, SOAR, identities, network and endpoint detection and response capabilities to protect the METRO AG assets.
  • Collaborate and provide business and technical expertise to MSSP Engineers to optimize the MSSP service delivery scope, coverage, and quality.
  • Develop and implement automation workflows to enhance METRO AG’s SOC efficiency and response times.
  • Mentor the Detection and Response team and facilitate knowledge sharing to improve the team's overall expertise.

Qualifications

  • Educational Background: A degree related to cybersecurity or a relevant field is required.

  • Experience: A minimum of 3 years of hands-on experience in cyber security and threat detection is essential.

  • Advanced Threat Detection Expertise: Demonstrated deep knowledge of advanced threat detection mechanisms and the ability to stay up-to-date with evolving threat landscapes. This includes a thorough understanding of emerging threats, attack vectors, and countermeasures.

  • SOC Tools and Technologies: Proficiency in utilizing Security Operations Center (SOC) tools and technologies, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), identity management, network detection, and endpoint detection. Familiarity with SIEM tools such as Splunk, Google SecOps, and Azure Sentinel, as well as EDR tools like CrowdStrike or Microsoft Defender, is essential.

  • MSSP Collaboration: Familiarity with Managed Security Service Provider (MSSP) standards and practices, including the ability to collaborate effectively with MSSP engineers. This collaboration should involve aligning strategies and ensuring the integration of MSSP services with in-house security operations.

  • Automation Proficiency: Proven experience in implementing automation workflows within the context of cybersecurity. This includes streamlining and optimizing security processes, enhancing incident response, and leveraging automation for improved threat detection and mitigation.

Additional Information

What we offer:

  • To be part of a fast-growing international team that has significant scaling ambitions across multiple markets.
  • Work-Life Balance: Trusted working hours, 30 days of vacation and home office options
  • Further training: A comprehensive further training offering delivered by our own training team.
  • Well-being: Health programs, a free fitness studio on our campus and regular employee events
  • Comfort: Very good public transport connections and free parking spaces including charging facilities for e-mobility. A canteen with a varied selection of meals and discounts in our stores and at many partner companies

Tags: Automation Azure Compliance CrowdStrike DART EDR Incident response SecOps Security strategy Sentinel SIEM SOAR SOC Splunk Strategy Threat detection

Perks/benefits: Fitness / gym Flex hours Home office stipend Team events

Region: Europe
Country: Germany
