Senior SOC Engineer (m/f/d) – Focus SIEM (Splunk / Microsoft Sentinel)

q.beyond AG is a leading German IT service provider. Our 1,100 employees with expertise in cloud, SAP, Microsoft, data intelligence, security and software development support our SME customers in their digital transformation.
Design future-proof IT solutions with us as Senior SOC Engineer (m/f/d) – Focus SIEM (Splunk / Microsoft Sentinel) at one of our locations:

• Operation, maintenance, and further development of our SIEM landscape (Splunk and Microsoft Sentinel)
• Development, implementation, and tuning of use cases, correlations, and detection rules
• Integration of new log sources (e.g., firewalls, EDR, cloud, identity systems)
• Automation and optimization of processes in security monitoring and incident response
• Support SOC analysts in investigations and incident handling
• Contribute to the further development of our use case catalog and detection framework
• Monitoring, troubleshooting, and performance optimization of the SIEM infrastructure
• Close collaboration with our analyst team

• Several years of experience in SOC or SIEM environments
• Excellent knowledge of Splunk (Search Processing Language, CIM, dashboards, apps)
• Experience with Microsoft Sentinel and KQL (Kusto Query Language)
• Solid expertise in onboarding log sources (Syslog, CEF, API, agent-based)
• Experience in developing detection rules and use cases
• Good understanding of network, Windows, Linux, and cloud logs
• Knowledge of scripting/automation (Python, PowerShell, REST API) is an advantage
• Analytical thinking, structured work approach, and enjoyment of teamwork
• Fluent in German (C1) and English (B2)