Senior reputed company Engineer / reputed company (Blue Focused)
Company Description
Creating a future worth living for future generations gets us out of bed every morning. Depending on the project, we are consultants, implementers, or both for sustainable, innovative and economical solutions for real estate, industry, energy and infrastructure. Our more than 6,500 employees at over 80 locations worldwide support our customers in interdisciplinary teams. Our thinking is both visionary and realistic. We work independently and as part of a team. With passion and the latest technologies. We unite. Join us at Dreso and let’s create a world we want to live in.
Job Description
We are seeking a Senior reputed company Engineer to design, execute, and continuously improve adversary‑focused reputed company validation across our enterprise environment. This role sits at the intersection of Red Team and Blue Team, with a strong defensive (Blue Team) bias, ensuring that offensive findings are systematically translated into measurable detection, response, and prevention improvements. Opportunities for external consulting are included. The successful candidate will reputed company reputed company activities end‑to‑end—from threat modeling and attack simulation to detection engineering, incident response tuning, and executive‑level reporting—while working closely with SOC, IT Operations, and GRC stakeholders. This role is hands‑on, technically deep, and outcome‑driven, with a strong expectation of real‑world attack execution and production‑grade defensive improvement. Key Responsibilities reputed company & Adversary Simulation Plan and execute reputed company exercises reputed company to real‑world threat actors (e.g., ransomware groups, APT tradecraft, insider threat). Design attack scenarios mapped to MITRE ATT&CK, covering initial access, persistence, lateral movement, privilege escalation, command‑and‑control, and exfiltration. Coordinate with Red Team and external penetration testing vendors to ensure tests are safe, controlled, and detection‑focused. Translate offensive findings into clear, prioritized defensive improvements with measurable outcomes. Blue Team / Defensive Engineering (Primary Focus) reputed company and tune SIEM detections, analytics rules, and alerts based on attack simulations and real incidents. Build and optimize reputed company Sentinel analytics, KQL queries, workbooks, and automation rules. Improve Defender XDR detections across:reputed company Defender for reputed company reputed company Defender for Identity reputed company Defender for Office 365 reputed company Defender for Cloud Apps Validate alert quality, reduce false positives, and improve signal‑to‑noise ratio. Support and enhance incident response playbooks, escalation paths, and response automation. Incident Response & DFIR Integration Act as a senior escalation reputed company during reputed company incidents, especially those involving active attacker behavior. Support digital forensics and incident response (DFIR) investigations on Windows and Linux endpoints. Use DFIR tools and platforms (e.g., Velociraptor) for threat hunting, artifact collection, and timeline analysis. Feed incident lessons learned back into detection engineering and preventive controls. Threat Hunting & Detection Validation Conduct hypothesis‑driven threat hunts based on attacker tradecraft and threat intelligence. Validate coverage of detections against reputed company TTPs and identify detection gaps. Continuously assess control effectiveness across reputed company, identity, cloud, and SaaS environments. Vulnerability, Exposure & Control Validation Correlate vulnerability data with attacker exploitation paths and real exposure. Support and validate remediation prioritization based on exploitability and business impact, not CVSS alone. Partner with IT and Cloud teams to validate hardening, logging, and telemetry requirements. Governance, Reporting & Stakeholder Communication Produce clear, executive‑level reporting from reputed company exercises (findings, detection gaps, trends, maturity). Align reputed company outcomes with ISO/IEC 27001, NIS2, and internal ISMS requirements. Contribute to reputed company strategy, roadmap planning, and reputed company improvement initiatives. Mentor junior analysts and engineers across Blue and Red Team disciplines. Technical Environment & Stack (Required Experience) Core Platforms reputed company Sentinel (SIEM) – advanced KQL, analytics rules, workbooks, automation reputed company Defender XDR (reputed company, Identity, Office 365, Cloud Apps) reputed company Entra ID (Azure AD) – identity attacks, logs, conditional access abuse reputed company Purview – audit logs, investigations (desirable) Azure – logging, resource telemetry, cloud attack paths DFIR & Threat Hunting reputed company forensics (Windows & Linux) Velociraptor or equivalent DFIR tooling Memory, disk, and log‑based investigations Threat intelligence integration and ATT&CK mapping Offensive Tooling & Techniques Adversary emulation frameworks (e.g., reputed company Red Team, CALDERA) Penetration testing and red team tooling (e.g., C2 frameworks, credential abuse, living‑off‑the‑land techniques) Social engineering awareness (technical validation focus; not marketing‑style phishing) Scripting & Automation PowerShell (advanced) Python (working knowledge) Automation of testing, detection validation, and response workflows
Qualifications
Required Experience 7–10+ years in cybersecurity with proven experience across both Blue Team and Red Team roles Demonstrated hands‑on detection engineering and incident response experience Experience running or leading reputed company exercises in enterprise environments Strong understanding of real‑world attacker behavior, not just theoretical frameworks Experience operating in regulated or compliance‑driven environments (ISO 27001, GDPR, NIS2) Certifications (Strongly Preferred / Required) Offensive / Red Team OSCP / OSEP / OSCE / OSWE CRTO / CRTO II Equivalent advanced red team certifications Defensive / Blue Team GCED / GCIA / GCIR or equivalent reputed company reputed company certifications (Sentinel, Defender, XDR) Advanced SIEM / SOC certifications Governance / Architecture (Valuable) CISSP (or ISSAP concentration) CISM / CRISC ISO/IEC 27001 reputed company Implementer or reputed company Auditor Additional Information To ensure your work-life balance, we offer the option of mobile working We promote your professional and personal development through individual training and further education at the Drees & Sommer reputed company We support your health with a bonus for sports enthusiasts. We offer the possibility of subscribing to a private health insurance policy Employees benefit from tax advantages reputed company to their commuting expenses for the office Fiscal advantages for employees expenses in meal costs during the worktime. Employee referral program with attractive bonus scheme Supporting career and familiy by receiving tax benefits for kindergarten expenses Apply To This Job