SOC Engineer

You may choose to display a cookie banner on the external site. You must specify the message in the cookie banner and may add a link to a relevant policy. If you are unfamiliar with these requirements, please seek the advice of legal counsel.**Stelleninhalte****MISSION:** Ensure EMG’s digital assets, cloud platforms, applications, infrastructure, APIs, and data ecosystems are continuously monitored, protected, and defended against cyber threats.

The SOC Engineer is responsible for:

• Building and tuning security detections
• Operating EMG’s SIEM/SOAR platforms (Splunk, cloud-native tools)
• Handling cyber investigations and forensics activities
• Enhancing visibility across cloud, on-prem, and application layers
• Supporting threat hunting, response, and vulnerability remediation
• Ensuring alignment with EMG security policies, CISO directives, and regulatory obligations

This role is essential for maintaining EMG’s cybersecurity resilience in a hybrid and modernized technology landscape.**MAIN RESPONSABILITIES:****1. Security Monitoring & Detection Engineering** ● Develop and maintain detection rules, dashboards, alerts, correlation logic, and analytics within:

• Splunk (SIEM)
• SOAR (such as n8n)* cloud-native SIEM/SOC tools* endpoint detection tools (EDR/XDR)* identity logs● Build detections and emerging threat patterns. ● Configure, monitor and troubleshoot security infrastructure devices and services such as EDR, DLP or CASB ● Identify opportunities for, and promote automation and new technical solutions and security tools to help mitigate security vulnerabilities and improve efficiency**2. Incident Investigation & Threat Response** ● Perform L3 investigation of security alerts, including:* anomalous authentication events* suspicious network activities* endpoint compromises* cloud misconfigurations
• API misuse or credential abuse● Execute containment and remediation actions in collaboration with cybersecurity teams, IT Ops and Engineering teams ● Produce clear incident reports and contribute to RCA and continuous improvement. ● Establishing disaster recovery procedures and conducting breach of security drills.**3. Threat Hunting** ● Conduct proactive threat hunts using:* log patterns* anomalous behavior detection* threat intel feeds* historical investigations* cloud & API-specific threat vectors● Identify gaps in security visibility and propose instrumentation improvements.**4. Security Logging & Observability Integration** ● Ensure complete and reliable logging coverage across:
• Cybersecurity tools (EDR, DLP, etc.)
• APIs* cloud workloads* network traffic* databases
• CI/CD systems (Git

Lab)● Work with Observability teams to ensure correlated visibility (Dynatrace + Splunk).**5. Vulnerability & Attack Surface Support** ● Support vulnerability management by correlating findings with real activity logs.● Validate remediation and track exploitation attempts related to EMG systems. ● Assist IT Ops and Engineering teams to prioritize and mitigate vulnerabilities.**6. Cyber Security Controls Validation** ● Validate enforcement of cybersecurity standards (E.g., Zero Trust, MFA, encryption, identity governance). ● Test security controls effectiveness through simulations or red-team collaboration.**7. Documentation, Playbooks & Knowledge Sharing** ● Maintain SOC runbooks, response playbooks, detection documentation, and forensic procedures. ● Identify and communicate current and emerging security threats**8. Collaboration Across IT & Business** ● Work closely with:

• CISO (governance, escalation, risk alignment)
• Cybersecurity Architecture Manager
• IAM teams
• Cloud & Production Services
• Network & Infrastructure Ops
• Domain Engineering Teams● Ensure consistent communication and coordination during incidents and monitoring activities.**IDEAL EXPERIENCE:**
• 3-8 years in SOC, security operations, detection engineering, incident response, or cyber defense roles.
• Hands-on experience with Splunk SIEM, SOAR tools, EDR/XDR, and cloud logging.
• Understanding of cloud security (AWS/GCP), API security, microservices architecture.**SKILLS & COMPETENCIES:**
• Strong log analysis, correlation, and detection engineering ability.
• Understanding of attacker techniques, threat vectors, malware behavior, identity attacks.
• Ability to operate during high-pressure security incidents.
• Knowledge of IAM flows, network security, and container security.**OTHER PERSONAL CHARACTERISTICS:**
• Analytical, methodical, and rigorous.
• Calm under pressure; reliable during crises.
• Highly ethical and trustworthy.
• Curious and proactive in threat intelligence and detection improvement.
• Risk-oriented: ability to detect, assess risks, and propose realistic solutions
• Business-focused: ability to understand business priorities**Europcar Mobility Group**Die Europcar Mobility Group ist ein globaler Mobilitätsanbieter mit 75 Jahren Erfahrung im Bereich Mobilitätsdienstleistungen und einer führenden Position in Europa. "We help to change the way you move" ist das, wofür wir stehen und was uns zusammenbringt.

Wir bieten Geschäfts- und Privatkunden eine breites Angebot an Autos und Transportern, sei es für ein paar Stunden, ein paar Tage, eine Woche, einen Monat oder länger, "on demand" oder im Abo. Dabei setzen wir auf eine Flotte von mehr als 250.000 Fahrzeugen, die mit der neuesten Technologie ausgestattet sind, darunter ein wachsender Anteil an Elektrofahrzeugen.

Unsere Marken sprechen unterschiedliche Bedürfnisse und Erwartungen an: Europcar - unser Premiumangebot –, und Goldcar – die smarte Alternative mit einem hervorragenden Preis-Leistungs-Verhältnis. Nicht zu vergessen Fox-Rent-A-Car, unser lokaler Champion in den USA. Die Zufriedenheit der Kunden steht im Mittelpunkt unserer Ambitionen und ihrer mehr als 8.000 Mitarbeiter, die dank eines starken Netzes in über 130 Ländern unsere Mobilitätsdienst-leistungen anbieten.

Mehr Informationen unter:

#J-18808-Ljbffr