IT Security – SIEM Content Engineer

Join our Cyber Defence Centre located in Prague working for B2B customers in Czech Republic as well as abroad.

Our SOC team is responsible for detection and response to cybersecurity incidents in various infrastructures and for building international relationships with other SOC and CERT teams across Deutsche Telekom group.

What we expect

An expert in IT security monitoring, analysis and incident detection / response. Expertise in evaluation of IT suspicious security events and attacks. Experience with SIEM architectire, deployment and SIEM content management (creation of correlation rules for security alerting).

We look for

A person with a deep knowledge of IT security with at least two years experience in a similar position.

  • Expert knowlegde of SIEM ArcSight, QRadar or Splunk is a must-have
  • Good knowledge of operation systems, databases and computer networks
  • Good knowledge of coding and scripting (does not matter in what programming language)
  • Fluent Czech and English is a must-have
  • Experience with OTRS, XSOAR/Demisto or other SOAR tools appreciated
  • Experience with incident management and incident response is a must-have

What would be your agenda

  • Analyzing, designing, developing and delivering solutions for detection of security events
  • Identifying security threats
  • Incident response
  • Risk reviews
  • Vulnerability management
  • Event monitoring and log management (log collection, parsing)
  • Writing new SIEM correlation rules
  • Writing custom active lists, queries and rules
  • Care of SIEM platforms, mainly ArcSight and QRadar
  • Developing custom content based on threat intelligence (MISP)
  • Ensure SIEM technologies are integrated & utilized to protect cyber related assets
  • Improvement of SOC processes by their automation and siplification

Hands-on experience with the following technology set is appreciated:

  • Ticketing tools (preferably OTRS Storm
  • SOAR PaloAlto Demisto/XSOAR
  • Microfocus ArcSight ESM and Logger, QRadar, Splunk
  • Threat Intelligence / MISP
  • 3PAM CyberArk
  • Linux & Windows


Please send us your profile to

Místo práce

Tomíčkova 2144/1, 148 00  Praha-Chodov, Česká republika


IS/IT: Konzultace, analýzy a projektové řízení, IS/IT: Správa systémů a HW, IS/IT: Vývoj aplikací a systémů

Pracovní poměr

Práce na plný úvazek


T-Mobile Czech Republic a.s.
Martina Lancmanová