Security Analyst

• Respond to security incidents according to the security incident response policy and procedures
• Provide technical guidance to first responders for handling information security incidents
• Offer timely and relevant updates to appropriate stakeholders and decision makers
• Communicate investigation findings to relevant stakeholders to help improve the information security posture
• Validate and maintain incident response plans and processes to address potential threats
• Compile and analyze data for management reporting and metrics
• Monitor relevant information sources to stay up to date on current attacks and trends
• Analyze potential impact of new threats and establish new use cases together with security platform engineers
• Perform or participate in root-cause analysis to document findings, and participate in root-cause elimination activities as required
• Create runbooks for frequently occurring incidents to automate or assist with the resolution of those cases
• Develop new use cases to further improve capabilities
• Expand the reach of existing tooling by onboarding new data sources and systems
• Work in close partnership with infrastructure teams, information security officer, and colleagues from the REWE Digital SOC
• Support an open feedback culture and a forward-looking error culture
• Identify potential security risks and forward them to the necessary authorities

• At least 3+/5+/8+ years of relevant professional experience as a security analyst or similar role in a security operation center
• Successfully completed studies in relevant fields or comparable hands-on training
• Certified Information Systems Security Professional (CISSP) and/or Global Information Assurance Certification (GIAC) would be a benefit
• Experience in problem-solving and conflict resolution in complex corporate structures
• Strong problem-solving and troubleshooting skills
• Ability to work well under pressure while maintaining professionalism
• Ability to perform independent analysis of complex problems and distill relevant findings and root causes
• Strong decision-making capabilities, with the ability to weigh costs and benefits of potential actions
• Knowledge of frameworks and standards in the SOC environment such as Cyber Kill Chain, MITRE or similar
• Proven record in using SIEM solutions, XDR, EDR, NDR, and PAM
• Technical knowledge of products like Splunk, SentinelOne, Proofpoint, Cyberark is advantageous
• Expertise in network security, including VPN, firewall, web server security, and Cloud
• Specific OT and IoT knowledge are considered a plus
• Knowledge of at least one scripting language (e.g. Perl, Python, PowerShell)
• Precise, responsible mindset with reliability
• Excellent presentation and moderation skills
• Entrepreneurial mindset with strong analytical and conceptual skills
• High proficiency in spoken and written English
• Willingness to learn the local language

• Long-term, interesting, and varied work for a reliable employer in a supportive team
• Family-friendly company culture with flexible working hours and remote working options available
• Staff shopping and travel discounts
• Numerous training and further development opportunities within the Group
• On-site parking
• A lunch allowance
• An attractive and performance-related annual gross salary from EUR 45,100

No matter where you are in your career, we have a path for you. Whether you're looking for your first job, advancement in your field, or a new career shift. We're proud to employ great people who are passionate about their jobs. But they're all different. No matter who you are, what you need and where you're going, REWE Group can be a part of it.

Please upload your resume to give us insight of your work experience - anonymously if you like

We promote a diverse and inclusive work environment. Therefore, we welcome applications from people of different backgrounds. In addition, we aim to increase the proportion of women in technical professions and are pleased to receive applications from women for this position.