Lead Security Analyst - Security Operations

Personio's intelligent HR platform helps small and medium-sized organizations unlock the power of people by making complicated, time-consuming tasks simple and efficient. Our growing team of 1,800+ Personios across Europe and the US are building user-friendly products that delight our 14,000+ customers and their 1.5 million employees. Ready to make an impact from day one?
This role can be based in Germany, Ireland, UK or Spain.
The Role: How you'll make an impact at Personio
Personio's intelligent HR platform helps small and medium-sized organisations unlock the power of people by making complicated, time-consuming tasks simple and efficient. Our growing team of 1,800+ Personios across Europe and the US are building user-friendly products that delight our 14,000+ customers and their 1.5 million employees. Ready to make an impact from day one?
Security is a first-class priority in Personio and we are looking for an experienced Security Analyst to join our growing Security organisation. Personio processes highly sensitive data for thousands of customers and so security comes first when designing and operating our platform and applications. We're on a journey to supply Personio with best-in-class security programs and technologies to maintain trust with our customers.
On the Security Operations (SecOps) Team, our mission is to enable Personio to detect and manage security threats to its customers and business. As part of SecOps, you will work to identify potential vulnerabilities, data breaches, and signs of compromise in our environment, and work with colleagues from across Personio to understand and remediate such threats.
Role Responsibilities: What you'll do

• Work with SecOps Engineers to deploy and maintain high-quality detections on our Security Monitoring (SIEM) platform
• Regularly review events and alerts from both production and corporate IT system feeds, looking for signs of compromise
• Flag noisy and underperforming alerts for improvement, providing insights to SecOps Engineering for remediation
• Identify gaps in logging quality and work with SecOps Engineers to remediate
• Help build out our detection and response playbooks, adding new insights and automations to our investigation and incident response procedures
• Identify gaps in existing detection or response playbooks, ensuring they are always up-to-date and effective
• Support the wider Security Team by participating in regular "Firefighting" rotations where you'll act as the on-duty team representative, answering inquiries from across the business and responding to urgent matters
• Provide SME support during Security Incident Response and Post Mortem activities

Role Requirements: What you need to succeed

• BS in Computer Science, Information Security, or equivalent professional experience
• At least 5 years of experience in related areas of Cyber Security, with working knowledge of threat detection, incident response, or similar functions
• Familiarity with the latest threat landscape facing Cloud-based apps, SaaS Providers and how to spot them in activity logs
• Strong skills in working with complex, high-volume data sets using SQL-like query languages to find signs of compromise
• Confidence leading large Security Incidents, supervising an incident response team and providing executive-style updates for our stakeholders
• Understanding of best practices in security forensics, log collection from different data sources
• Hands-on experience with standard security tech stacks in the industry - SOAR, SIEM, threat intelligence tools, EDR, NGFW and beyond
• Eagerness to create scripts and tooling to automate and improve your operational tasks, with working knowledge of at least one scripting language, such as Python
• Excellent written and spoken English skills, with the ability to adapt messaging to executive, technical, and non-technical audiences

And your motivation:

• You are a team player. You are open to different approaches and support the team in making decisions.
• You are a proactive problem solver. You are willing to leave the code, documentation and processes you come across in a better shape than when you first encountered them.
• You are pragmatic and aware of the business value your efforts provide. You don't create security roadblocks, but rather enable and coach your peers to deliver secure solutions to address common challenges.
• You have a healthy "security mindset". You trust but verify the data you work with, and you are always searching for new threats and new ways of doing things.
• You embrace change. You love to try new tools and ways of working and have an iterative approach to your work. You don't have a deep attachment to certain vendors or stacks, because you know the perfect tool doesn't exist and that a well-trained analyst can work with anything.
• You embrace feedback. No one is perfect, and neither are we. So let's make this an opportunity to praise and learn from each other.
• Teaching, coaching, and empowering your colleagues are things that fulfill you.

Why Personio
Personio is an equal opportunities employer, committed to building an integrative culture where everyone feels welcomed and supported. We embrace uniqueness and understand that our diverse, values-driven culture makes us stronger. We are proud to have an inclusive workplace environment that will foster your development no matter your gender, civil status, family status, sexual orientation, religion, age, disability, education level, or race.
Aside from our people, culture, and mission, check out some of the other benefits that make Personio a great place to work:

• Receive a competitive reward package - reevaluated each year - that includes salary, benefits, and pre-IPO equity
• Enjoy 28 days of paid vacation, plus an additional day after 2 and 4 years
• Make an impact on the environment and society with 1 (fully paid) Impact Day
• Receive generous family leave, child support, mental health support, and sabbatical opportunities
• We follow an office-led, remote-friendly approach, including opportunities to work from home and international locations.

• We enjoy gathering for meals, cultural initiatives, and events like local Summer Sessions and year-end celebrations. There are also healthy snacks, drinks, and a weekly catered lunch.