Cyber Detection Engineer (d/f/m)

Job Description:

Airbus Defense and Space is looking for a passionate and talented Cyber Security Detection Engineer to join our international Incident Response Team (CSIRT), in MANCHING.

A mission critical part for us in order to secure our world-class business. This is a technical, hands-on role that will work with a variety of security tools and technologies protecting our whole enterprise.

The successful candidate will be responsible for managing our Cyber Threat Intelligence (CTI) research and Threat Hunting activities, the entire lifecycle of our detection rules repository and SOC automation stack. You will be responsible for technical evolution of our SOC blueprint and managing enhancement projects to integrate new features and solutions into our Security Operation Centers (SOC).

This is a fantastic opportunity to join a team who live and breath for cyber security and to work for a company with great products and technologies around the globe.

Your location

Located about an hour’s drive north of Munich, Manching is an up-and-coming market town that offers a wide range of leisure and cultural activities. Here, you can enjoy the quality of life in the countryside while the pleasures of near-by cities are still within easy reach.

Your benefits

• Attractive salary and special payments

• 30 days paid vacation and extra days-off for special occasions

• Excellent upskilling opportunities and great international, group wide development prospects

• Special benefits: employer-funded pension, employee stock options, discounted car leasing, special conditions for insurances, subsidies for public transport, employee benefits at cooperating companies

• On-site-facilities: Medical officer for check-ups and other health-related services, canteen and cafeteria, kindergarten close to the site   

• Compatibility of family & work (job sharing, part-time models, flexible working hours, individual timeout)

• Working in a diverse environment, with more than 140 nationalities, where every voice is heard

Key Responsibilities:

1. Threat Analysis

• Leverage the organization’s CTI provider as a strategic asset, not just a data source—integrating external intel with internal context to assess real impact and relevance.

• Conduct in-depth analysis of cyber threats (APT groups, malware campaigns, zero-days, etc.) and assess their relevance to Airbus operations, especially the aerospace and defense-related.

• Translate complex threat data into clear, actionable intelligence for technical and non-technical stakeholders.

• Produce regular and ad hoc threat intelligence reports, briefings, and dashboards tailored to specific business units or leadership needs
   

2. Threat Hunting

• Proactively hunt for signs of adversary presence within enterprise environments using threat intelligence, telemetry, and hypothesis-driven methods.

• Design and execute structured threat hunting playbooks based on known TTPs (e.g., MITRE ATT&CK) and emerging threats, enabling consistent, repeatable hunts.

• Develop code-based playbooks (e.g., Jupyter Notebooks or Python scripts) that integrate threat intelligence, log sources, and detection logic—making them reusable by SOC, IR, and detection engineering teams.

• Collaborate with detection engineers to convert hunt findings into long-term detections and SIEM use cases, contributing to continuous monitoring improvements.

• Continuously refine and document hunt processes and hypotheses for knowledge sharing across cyber defense teams.
   

3. Monitoring & Anticipation

• Maintain situational awareness of the evolving threat landscape through open-source intelligence (OSINT), commercial feeds, dark web monitoring, and collaboration with national cybersecurity bodies.

• Detect and flag early indicators of potential cyber campaigns targeting aerospace or defense sectors.

• Assist in the development and fine-tuning of detection rules and alerts for monitoring security systems (e.g., SIEM, EDR).

• Contribute in the specification of telemetry log sources and data normalization for its processing in Cyber Detection.

• Develop tools and techniques to identify patterns and anomalies in network traffic, system logs, and application data that could indicate security incidents (Threat Hunting).

• Implement adversary emulation tests to assess the quality of the detection rules
   

4. Stakeholder Engagement

• Build relationships with external CTI peers in industry and government to share best practices, TTPs (tactics, techniques, procedures), and threat actor profiles.

• Ensure timely and accurate dissemination of threat data to internal stakeholders across the organization, including CISO-level reports.

5. Rapid Response Enablement

• Design and maintain workflows for the rapid delivery of intelligence to incident response and risk teams, enabling faster decision-making and containment.

• Support post-incident analysis by enriching forensic investigations with relevant threat intelligence context.
   

Required Skills:

• Technical Skills:

  • Understanding of security tools such as EDR, Windows Logging,  firewalls, intrusion detection/prevention systems (IDS/IPS)..

  • Deep knowledge of Operating System insights (Windows/Linux)

  • Experience with Python is a requirement, PowerShell/Bash are a plus.

  • Understanding of DevOps, git..
     

• Analytical Skills:

• Strong knowledge of threat actor tactics, techniques, and procedures (TTPs) and frameworks like MITRE ATT&CK, Kill Chain, and Diamond Model.

• Proficiency with SIEM tools (e.g., Splunk, ELK), threat intelligence platforms (e.g., MISP, ThreatConnect), and endpoint detection tools (e.g., EDR/XDR).

• Experience building code-based hunting or automation playbooks (e.g., Python, Jupyter Notebooks, PowerShell).

• Familiarity with scripting or automation for IOC enrichment, API integrations, and telemetry analysis.

• Ability to correlate multiple data sources and pivot across logs, alerts, and CTI for deeper investigation.

• Understanding of threat modeling, detection engineering, or purple teaming is a plus.
   

• Fluent written and spoken in English and German are a must

Not a 100% match? No worries! Airbus supports your personal growth with customized development solutions.

Take your career to a new level and apply online now!

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Airbus Defence and Space GmbH

Employment Type:

Permanent

-------

Experience Level:

Professional

Job Family:

Cyber Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.