ZEISS Group

L3 SOC Internal Analyst

ZEISS Group  •  Budapest, HU (Hybrid)  •  20 days ago

Job Description

Your Role

As L3 SOC Internal Analyst, you lead the day-to-day operations of our Cyber Defense Center (CDC) and set the direction for effective monitoring, investigation, and incident response across all SOC tiers. You act as the primary interface to our Managed Security Service Provider (MSSP) and as the senior escalation point for our most complex and high-impact investigations. Beyond the operational lead role, you shape and steer our threat hunting activities, ensuring they are risk-driven, measurable, and firmly anchored in CDC governance. In close collaboration with engineering, CIRT, threat intelligence, and other capability functions, you drive the continuous evolution of our detection and response capabilities and help strengthen the organization's overall security posture.

- Act as the single point of contact for the MSSP conducting SOC 24/7 monitoring and manage vendor performance, outputs, and service assurance.

- Serve as the L3 escalation point for complex alerts, incidents, and investigations, providing senior technical expertise and decision-making.

- Coordinate and lead response to incidents across SOC tiers and ensure effective handover to the CIRT for high and critical cases.

- Own the SIEM/SOAR detection lifecycle, including log source onboarding, continuous fine-tuning of detection rules, and review/validation of use cases.

- Define threat hunting objectives, align them with the CDC’s strategic goals, and coordinate MSSP-led threat hunting activities.

- Develop and produce monthly KPI dashboards and reporting to demonstrate SOC performance and drive improvements.

- Work with the engineering team to increase log coverage, telemetry quality, and overall visibility across the monitored environment.

- Serve as Duty Operational Manager on a rotational on-call basis (24/7/365), providing senior operational oversight and incident support out of hours.

Your Profile

- Degree in Computer Science, IT Security, or a related field, or equivalent work experience.

- Several years of experience in a Security Operations Center, incident response, or threat detection role, including senior/L3 responsibilities and team or vendor coordination.

- Excellent communication and stakeholder management skills, with the ability to translate technical findings for both technical and executive audiences.

- Experience in incident response, threat detection, or security monitoring, with expertise in detection and response workflows.

- Strong ability to work under pressure, prioritize critical incidents, make rapid decisions, and support on-call escalation.

- Hands-on experience with SIEM, SOAR, and EDR technologies, as well as a solid understanding of detection technologies such as IDS/IPS, DLP, and WAF.

- Understanding of security threats and attack frameworks such as MITRE ATT&CK and the Cyber Kill Chain.

- Ability and drive to review, manage, and continuously improve vendor performance, contracting, and metrics with clear accountability and follow-through.

- Experience leading threat hunting activities, including defining hypotheses, objectives, and measurable outcomes.

- Familiarity with EU cybersecurity regulations relevant to SOC operations (e.g., NIS2 Directive) is a plus.

- Professional certifications such as CISM, GCIA, GCIH, or CISSP are a plus.

- Fluency in English; German is a plus.

What we offer

Our employees are the innovative backbone and driving force of our company. That is why you are our focus.

- Technology stack: Modern and cutting-edge technology stack with opportunities to experiment and innovate within a high-tech group

- Flexible work options: 40-60% hybrid work option to provide flexibility and work-life balance

- Additional benefits: Annual flexible benefits that include cafeteria options, private health plans, and annual reward

- Extra option: Company parking space in the underground garage of the office building can be reserved

- Contribution: Opportunity to directly contribute to the development of innovative products through software delivery

- Supportive work environment: working in a team composed of excellent teammates and a supportive lead who collaborate to guide and support professional development from day one

Your ZEISS Recruiting Team:

Bartha Györgyi, Fedor Fanni, Wenner Lili

About ZEISS Group

ZEISS is an internationally leading technology enterprise operating in the fields of optics and optoelectronics. In the previous fiscal year, the ZEISS Group generated annual revenue of around 11 billion euros in its four segments: Semiconductor Manufacturing Technology, Industrial Quality & Research, Medical Technology, and Consumer Markets (30 September 2024).

With over 46,000 employees, ZEISS is active globally in around 50 countries with more than 60 sales and service locations, around 40 research and development facilities, and 35 production facilities worldwide (30 September 2024). Founded in 1846 in Jena, the company is headquartered in Oberkochen, Germany. The Carl Zeiss Foundation, one of the largest foundations in Germany committed to the promotion of science, is the sole owner of the holding company, Carl Zeiss AG.

Data privacy: www.zeiss.com/data-protection

Imprint: http://zeiss.com/publisher

This is ZEISS's official LinkedIn account. It follows the ZEISS Netiquette: www.zeiss.com/netiquette

Industry
Manufacturing & Production
Company Size
10,000+ employees
Headquarters
Oberkochen, DE
Year Founded
1846
Website
zeiss.com