Stadler Rail Schweiz AG
Security Operations Engineer
📍 8304 Wallisellen
Role and responsibilities
Develop and maintain integrations across Microsoft Defender XDR, Microsoft Sentinel, Microsoft Entra, and other security platforms.
Build and optimize detection logic, including KQL queries, analytics rules, watchlists, and workbooks.
Engineer and manage data pipelines for log ingestion, enrichment, normalization, and third-party connector integrations.
Develop automation and SOAR playbooks using Logic Apps to streamline response, enrichment, and workflow processes.
Create and maintain internal tooling using PowerShell, Python, the Microsoft Graph API, and the Defender APIs.
Monitor and optimize platform health, ensuring data quality, connector reliability, and ingestion performance.
Implement detection engineering lifecycle management (tuning, validation, versioning, monitoring).
Collaborate with cross-functional teams (SOC, Cloud, Infrastructure) and provide documentation, standards, and enablement.
Team / Description
Stadler offers a wide range of opportunities for an international career. At Stadler you get the chance to grow beyond yourself, take on responsibility, and deliver great results as part of a team. We are looking for motivated talent who want to shape the future of mobility with us. Are you ready to achieve great things with us?
Qualifications and skills
3–5+ years in Security Operations, Endpoint Security, and Vulnerability Management
Strong knowledge of the Microsoft Defender security portfolio and cloud-native Azure security
Familiar with CIS Benchmarks, CVSS, MITRE ATT&CK, and NIST; scripting (PowerShell/KQL) is a plus
Comprehensive knowledge of Microsoft and Linux operating systems, enabling effective endpoint security, monitoring, and incident response including hardening
Certifications like SC-200, AZ-500 are an advantage
Analytical, structured, and communicative team player