Threat Intelligence Engineer
MADRID, M, ES, 28043; BARCELONA, B, ES, 08005
About the Job
You know adversaries by how they operate — and you know how to turn that knowledge into action. As a Threat Intelligence Engineer — Intrusion Analysis & Detection, you will help transform threat actor behavior into concrete defensive value: stronger detections, smarter hunting hypotheses, and intelligence that helps defenders move faster and more effectively.
Within the Allianz Cyber Defense Center (ACDC), you will join a team that is evolving towards an AI-augmented, intelligence-driven operating model. This is a high-impact opportunity to shape and mature intrusion analysis capabilities, automate repetitive intelligence workflows, and directly influence how a global organization defends itself against real-world threats. If you enjoy combining technical depth, analytical thinking, and practical execution, this role will give you the platform to make a visible difference at scale.
What you do
- Analyze real-world attacks, post-incident findings, and emerging adversary tradecraft to identify relevant threat activity and convert retrospective analysis into forward-looking intelligence.
- Translate threat intelligence into actionable detection content by producing detection rules and analytical guidance for deployment by detection engineering teams across platform-native environments.
- Track threat actors and map tactics, techniques, and procedures to MITRE ATT&CK, identifying coverage gaps and generating meaningful hunting leads based on relevance to the Allianz environment.
- Build and maintain automation for repetitive intelligence workflows using SOAR platforms, Power Automate, N8N, Python, scripting, and API integrations to improve speed, quality, and consistency.
- Apply AI in daily analytical workflows to categorize incoming intelligence, enrich indicators, correlate reporting with tracked topics, and accelerate decision-making.
- Communicate findings clearly through dashboards, written intelligence notes, and operational briefings so that detection engineers, incident responders, IT administrators, and leadership can act confidently.
- Support the full IOC lifecycle and contribute during active security incidents by providing timely analytical input, validation, and triage support as part of on-call rotations.
What you bring
- Hands-on experience in intrusion analysis, including the investigation of real-world attack patterns, adversary behavior, and post-incident evidence.
- Proven ability to turn intelligence into action through detection engineering, including authoring, tuning, or validating detection rules in production environments.
- Strong knowledge of MITRE ATT&CK, especially at procedure level, and a solid understanding of the telemetry required to detect adversary activity effectively.
- Practical coding and automation skills, ideally in Python, scripting, and API-driven workflows, with a builder mindset focused on improving efficiency through automation.
- Good understanding of the Threat Intelligence Lifecycle and structured analytical techniques, including models such as the Diamond Model and Kill Chain.
- Experience working with or exposure to tools such as Google SecOps, CrowdStrike Falcon / Intelligence, Google Threat Intelligence / VirusTotal, Recorded Future, MISP, or similar platforms.
- A proactive, outcome-driven mindset with the ability to stay composed under pressure, communicate clearly during incidents, and collaborate effectively across technical teams.
What we offer
- We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working, including up to 25 days per year working from abroad.
- We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
- From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
- Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) help to balance family and career and help our people return from career breaks with experience that nothing else can teach.
About Allianz Technology
With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience.
We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction.
In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.
Find us at: www.linkedin.com/company/allianz-technology.
Commitment to Integrity, Fairness & Inclusion
Allianz Technology is proud to be an equal opportunity employer dedicated to fostering an inclusive work environment for everyone. We embrace individuals of all gender identities and expressions, sexual orientations, ethnicities, ages, nationalities, religions, disabilities, and philosophies of life. Ultimately, our greatest strength as a company lies in the unique skills, experiences, and backgrounds our employees contribute.
We therefore welcome applications regardless of race, ethnicity or cultural background, age, gender, nationality, religion, social class, disability or sexual orientation, or any other characteristics protected under applicable local laws and regulations.
To Recruitment Agencies:
Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agencies or search firm recruiters.
When we do work with recruitment agencies, that engagement is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate was ultimately employed by Allianz.
100801 | IT and Technology Engineering | Professional / Senior | Non-Executive | Allianz Technology | Full-time | Permanent