We drive the transformation of the financial markets. That’s why we invest in bright minds, in their ideas, knowledge and development. We do that by combining our best sides.


If you would like to find out why stability makes us so agile, why experience makes us so curious and why empathy makes us so impactful, apply now for the position of



 Senior Detection Engineer / Threat Hunter

Madrid, Zurich | working from home up to 60% | Reference 4604


BME is the infrastructure of all the securities markets and financial systems in Spain and is owned by SIX.


The global Threat Detection & Hunting Team works within Line of Defense 1 and is a critical function within SIX. Our mission is to detect potential attackers in our IT infrastructure by developing threat models and using them to build detection methods and proactive hunts. As a Senior Detection Engineer you have already gained experience in analyzing host and network intrusion activities and you enjoy researching TTPs and turning that research data into high-quality detections. Also, you should have a passion for threat hunting and love to discover new technologies. Furthermore, you have advanced knowledge of enterprise Windows/Linux environments and you are familiar with various public cloud platforms and related security products.

As part of this team you will work under a flexible hybrid model (60% of remote working and 40% in the office).

Do you want to become part of a dynamic team, which protects this ecosystem? We are looking forward to your application!



What You Will Do

  • conceptualize, test, and develop threat detection use cases. In particular you will develop SIEM detection rules, capable of correlating data logs of various nature (i.e. host, network traffic, mail data, etc.), as well as the IRP playbooks that will guide the SOC analysts through the Incident Response process phases
  • design, test, and develop integrations and automation logic among the tools in our technology stack (i.e. cloud security products, SIEM, EDR, IRP) to support the investigation activities of SOC
  • test, conceptualize, and execute proactive hunts based on host activities and network traffic. You will process Threat Intelligence reports to develop your hypothesis and you will use a variety of tools to conduct hunting

What You Bring

  • a minimum of 4 years of hands-on experience as a detection engineer / SOC use case developer with creating and tuning custom detection rules. Experience with log analysis from multiple sources (i.e. firewall, IDS, endpoints) to identify and investigate security events and anomalies. Preferably familiar with SIEM tools like QRadar, Sentinel, Splunk, or Elastic
  • relevant and extensive experience as a threat hunter with researching TTPs and developing enterprise-wide hunting expeditions. Experience with making the MITRE attack framework actionable. Preferably familiar with EDR tools like Tanium or Defender for Endpoint
  • 2-3+ years of hands-on experience in the area of scripting and automation. Preferably familiar with Demisto, REST APIs, Python, GitLab, and Azure DevOps
  • motivated team player with strong customer focus as well as structured and goal-oriented way of working
  • willingness to do on-call duty (aprox. 1 week every month). This is economically compensated
  • good comand of written and spoken English to describe security event details and technical analysis with audiences within the cybersecurity organization and other IT teams; a good level of Spanish and/or German is a plus


If you don’t full fill all these points but you would be interested in the role and you think you can do it, don’t hesitate to contact us anyways. We will like to consider your application. 


If you have any questions, please call Sara Perez de la Cuesta at +34 91 709 56 80.


For this vacancy we only accept direct applications in English.


Diversity is important to us. Therefore, we are looking to receiving applications regardless of any personal background. 

What We Offer

Flexible Work Models
We trust our employees and offer a work environment that is well-balanced, productive and fosters success. 

Personal Development
You will benefit from a culture of continuous learning and feedback. Your personal growth is supported through an extensive learning offering.

Agile Working Methods 
Whether through scrum or design thinking,
we solve exciting tasks together in teams.