(Senior) Cyber Detection & Response Engineer (f/m/d)

ZEAL Network SE is a dynamic, international group of companies that has been creating exciting and innovative lottery experiences for over 20 years. As Germany’s largest provider of online lotteries through our brands LOTTO24 and Tipp24, and a trusted partner of Spain’s ONCE, the second-largest national lottery, we’re shaping the future of the lottery industry. We are passionate about driving innovation, as demonstrated by our newest brands, Freiheit+ and Traumhausverlosung, which bring fresh and exciting dreams to life. Additionally, through ZEAL Ventures, we invest in inspiring e-commerce start-ups like Omaze and DAYMADE, fueling fresh ideas and opportunities.

Our team of 290+ professionals from diverse backgrounds is united by a visionary mindset, a passion for collaboration, and a commitment to inspire dreams. At ZEAL, we empower our people to think ambitiously and work together toward a shared purpose: helping people imagine and achieve their aspirations.

The role:

As a (Senior) Cyber Detection & Response Engineer (f/m/d), you own and continuously improve the CrowdStrike Falcon platform to achieve high signal quality, coverage, and operational maturity. You ensure Falcon operates at its full potential across ZEAL’s IT estate as the environment grows in complexity. The role focuses on delivering actionable detection and response outcomes that scale with the business and strengthen ZEAL’s security posture.

Your tasks:

• Own and continuously improve the effectiveness of the CrowdStrike Falcon platform, ensuring high signal-to-noise ratio, and clear, scalable operational workflows

• Manage configuration, policy governance, module optimisation, and sensor coverage across endpoints, servers, network, and cloud

• Own and actively shape the collaboration with Falcon Complete, ensuring MDR output is relevant, high-quality, and aligned with ZEAL’s environment, and continuously improving escalation quality and response effectiveness

• Act as L2/L3 escalation point for incidents; lead investigation, scoping, and post-incident review

• Define and continuously refine alert triage and prioritisation strategies

• Build, tune, and continuously improve custom detections, correlation logic, and queries to increase fidelity and reduce false positives

• Conduct targeted and hypothesis-driven threat hunting using Falcon data

• Leverage Falcon Exposure Management to identify and prioritise security gaps (e.g. vulnerabilities, misconfigurations, identity risks)

• Translate exposure insights into concrete remediation actions and track improvement in overall security posture over time

• Develop and evolve pragmatic response playbooks and dashboards to enable fast, consistent incident handling

• Upskill the broader security team and Corporate IT team, and establish shared understanding of Falcon capabilities

• Own the CrowdStrike vendor relationship (TAM/Security Advisor) and drive ongoing platform improvement

• Operate effectively in a lean security team, prioritising high-impact improvements and driving outcomes with limited overhead

What you offer us:

• 5+ years in security engineering, detection engineering, or incident response

• Strong hands-on experience with CrowdStrike Falcon (or equivalent EDR/XDR), including detection engineering, investigation workflows, and platform tuning in a production environment

• Proven track record of improving detection quality and reducing alert fatigue over time

• Experience working with or alongside MDR services (e.g. Falcon Complete)

• Solid understanding of MITRE ATT&CK applied in real detection and response scenarios

• Proficiency in Falcon query language (or similar) for detection, hunting, and analysis

• Comfortable making and defending trade-offs on what to tune, suppress, or remove entirely

• Experience with vulnerability or exposure management (ideally within Falcon or similar platforms)

• Nice to have:

• CrowdStrike certifications (CCFA, CCFH, CCFR)

• Scripting (Python, PowerShell) and API-based automation

• Familiarity with ISO 27001 and/or PCI-DSS

What we offer:

• State-of-the-art technologies and an agile environment (Check our Tech Radar: https://lotto24.github.io/tech-radar/)

• A modern, dynamic culture grounded in the success of a leading-edge e-commerce company.

• A talented team of ambitious, like-minded colleagues where your knowledge and ideas truly make an impact.

• Ongoing personal growth, supported by an annual development budget of €1,500 to invest in your professional development.

• Trust and autonomy, no micromanagement, just confidence in your ability to deliver and excel.

• Flexible work options with a hybrid setup focused on results.

• Unlimited vacation days in addition to your yearly 30-day vacation allowance.

• Opportunity for workations abroad using our WorkFlex tool.

• Monthly mobility allowance of €30 to use on the mobility option of your choice (e.g., the Deutschlandticket), plus access to a company bike leasing program.

• Company pension scheme, provided in partnership with Degura, to support your future financial security.

• Subsidized EGYM WELLPASS membership, with a contribution of only €25 per month, giving you access to a wide range of gyms and sports options across Germany.

• Monthly company events, team activities, and informal gatherings, including our popular company-wide lunches provided four days a week.