SIEM Data Engineer

Santiago De Compostela
A Coruña, Spain
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English, German
Experience level
Intermediate

Job location

Remote
A Coruña, Spain

Tech stack

JavaScript
Amazon Web Services (AWS)
Azure
Bash
Cloud Computing
Data Normalization
Linux
Python
Log Analysis
OpenStack
Parsing
Regular Expressions
Security Log
Security Information and Event Management
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Computer Network Technologies
Data Ingestion
Containerization
Kubernetes
Stream Processing
Splunk

Job description

Empowering people. Unlocking innovation. With 1,000+ professionals and over a decade of experience, we've built an environment where talent is trusted, supported and continuously challenged to grow.

- People-first culture built on trust and real proximity.
- Stable environment with turnover clearly below industry average.
- International, high-impact projects powered by modern tech stacks.
- €1,200 annual training budget per employee.
- Real flexibility, not just a promise.
- Continuous feedback culture with monthly follow-ups and annual 360° reviews.
- Private health insurance, flexible compensation and Wellhub.
- Active tech communities where knowledge is shared and innovation evolves.
- A team that delivers and celebrates together.

Ready to grow with us? Take a look at this opportunity.

We are looking for a SIEM Data Engineer to join an international project for a leading German client in the automotive sector. The role is focused on security log analysis, log ingestion, parsing, normalization and SIEM data modelling, working closely with security and operations teams. We are especially looking for someone with experience in Cribl and Splunk, although similar experience with log pipeline, log management or SIEM environments will also be valued.

What will you do?

- Connect security-relevant log sources to a SIEM through Log Stream Processing platforms.
- Analyse security logs and define data models.
- Create and maintain parsers to normalize log data.
- Support SIEM data ingestion and security use case definition.
- Work with security and operations teams to improve log processing solutions.

- Will have access to confidential information related to Capitole and the project they are working on.
- Must comply with the security policies and internal policies of the company and the client.
- Must sign an NDA.

Requirements

- 3+ years of experience with SIEM tools, especially Splunk or Elastic.
- Hands-on experience with Cribl or similar Log Stream Processing tools.
- Strong knowledge of log analysis, parsing, Regex and data normalization.
- Experience with Linux/UNIX/Windows environments and network technologies.
- Scripting experience with Python, Bash/Shell or JavaScript.
- Knowledge of cloud or container technologies such as AWS, Azure, GCP, Kubernetes or OpenStack.
- Understanding of Security Incident Response or security monitoring processes.
- Excellent English level, both written and spoken.
