Leading Associate Vice President - Incident Response Engineering Manager [T500-21575]

About Deutsche Börse Group :

Headquartered in Frankfurt, Germany, Deutsche Börse Group is a leading international exchange organization and market infrastructure provider. They empower investors, financial institutions, and companies by facilitating access to global capital markets.

Their India centre is located in Hyderabad, serves as a key strategic hub and comprises India’s top-tier tech talent. They focus on crafting advanced IT solutions that elevate market infrastructure and services. Deutsche Börse Group in India is composed of a team of capital market engineers forming the backbone of financial markets worldwide.

Your responsibilities :

Lead SOC team and ensure adherence to quality standards and SLAs defined with regards to alerts handling activities

Maintain 24x7 shifts ensuring service continuity and effective cooperation across all team members

Ensure escalation to CERT with undue delay for all alerts potentially leading to incidents

Identify and propose adjustments / improvements on SOC runbooks based for example on false positives, tuning of SIEM use cases and audit findings.

Engagement with internal IT functions might be required to fill the identified gaps (e.g. lack of details in asset inventory) in the alert handling process.

Identify and propose adjustments / improvements on SIEM UCs based for example on false positives reported by SOC and audit findings

Quality check and end-to-end testing of SOC runbooks

Preparation for audits (evidence / requests handling) and attendance

Attendance to regular calls with SOC Service Manager

Participating in Blue / Red teams exercise to test and improve our monitoring and response capabilities

Your profile :

Solid experience in a CERT or SOC team with SIEM alerts handling, workflow design and runbook preparation.

Knowledge of cyber threats and vulnerabilities : how to properly identify, triage, and remediate threats based on threat intelligence as well as on analysis of security events, log data and network traffic.

Expert working knowledge of technical and organizational aspects of information security, e.g., through prior defensive or offensive work experience

Solid understanding of cyber threats and MITRE ATT&CK framework

Deliverable-oriented, with strong problem-solving skills and adaptation to complex and highly regulated environment

Team player willing to cooperate with multiple colleagues across office locations in a cross-cultural environment

Good report-writing skills to present the findings of investigations

Available during the working hours (Mo-Fr) + on-call duty

Fluent in spoken and written English, including security terminology; proficiency in German is a plus

13+ years of professional experience in the cyber security fields

Strong assets :

Willingness & ability to take the lead on complex Cyber Security investigations supporting CERT lead

Development of automation of various CERT / SOC processes via SOAR solution

Red Teaming / Purple Teaming exercises

Background in Malware Analysis, Digital Forensics and / or Cyber Threat Intelligence

Experience in Threat Hunting including the ability to leverage intelligence data to proactively identify and iteratively investigates suspicious behavior across networks and systems

Script Development (e.g. Python, Shell scripting)

Cloud Security expertise (primarily GCP and Azure)

Vulnerability Handling / Management

Relevant Industry Certifications such as SANS / GIAC (e.g., GCIA, GCIH, GNFA, GCFA), CompTIA (Security+, Cloud+, PenTest+), OSCP, eLearnSecurity are desirable.