RWE Generation SE
To start as soon as possible, full time, permanent
About the role
Join our Operational Technology (OT) Security Services team and play a key role in monitoring, analysing and responding to security threats and incidents. You will also help improve our detection capabilities and knowledge base, protecting the Operational Technology environments that are critical for RWE Generation’s flexible power generation and hydrogen (H₂) production.
We are an international, hybrid team across Germany, the Netherlands and the UK, working with transparency, respect, collaboration and a healthy sense of fun. At the heart of our work is the OT Security Operations Center (OT SOC), where we provide network monitoring, threat and vulnerability management, asset and configuration support, as well as security assessments, system hardening and red/purple team activities.
Your tasks in this role:
1. Monitor and analyse security events and alerts using SIEM, NSM and related tools.
2. Respond to incidents in real time, from containment and recovery to reporting and follow-up.
3. Develop and maintain detection use cases and incident response playbooks for OT/ICS threats.
4. Assess and improve visibility by identifying and closing monitoring and logging gaps.
5. Investigate incidents thoroughly, performing root cause analysis and sharing lessons learned.
6. Document clearly and consistently all findings, incidents and improvements.
7. Contribute to continuous improvement of processes, tooling, documentation, audits and knowledge sharing.
This role includes on-call duties and occasional travel to sites and team meetings in Germany, the Netherlands, the UK and Turkey.
Your profile
8. A completed degree in Cybersecurity, IT, Engineering, Computer Science or comparable field, or equivalent work experience.
9. Experience with NSM tools (e.g. Dragos, Claroty, Tenable) and log/security analysis platforms (Elastic, Splunk, Wazuh, Graylog, Zeek, Suricata); Solid knowledge of SIEM, SOAR, IDS/IPS and endpoint security.
10. Hands-on experience with incident response and familiarity with the MITRE ATT&CK for ICS framework.
11. Familiarity with OT/ICS protocols such as Modbus, DNP3, OPC, PROFINET, S7Comm, IEC 60870-5-104, MMS.
12. Strong communication skills in English and German.
Advantageous, but not essential
13. Relevant certifications (e.g. GRID, GICSP, GCIH, CompTIA CySA+, Security+).
14. Skills in scripting/automation (Python, PowerShell) and security in virtualisation (VMware, KVM, KubeVirt) and container environments (Kubernetes, Docker).
15. Experience at a SOC Managed Service Provider or in industrial/OT environments (energy, manufacturing, telecom or critical infrastructure).
RWE is committed to creating a diverse and inclusive environment – we value your passion, your willingness to learn and your desire to thrive. So, if you don’t display all the skills above but think this is the job for you, need flexible working arrangements or adjustments which aren’t outlined already, we would still like to hear from you.
Your benefits
16. Meaningful Work – Make a real impact by contributing to a safe and skilled workforce and directly supporting our organization’s success.
17. Inspiring and Dynamic Environment – Collaborate on exciting projects within a motivated and expert team.
18. Flexible Work Options – Enjoy a healthy work-life balance with hybrid working opportunities and flexible hours.
19. Growth and Development – Benefit from comprehensive training programs, leadership development, and clear career progression opportunities.
20. Competitive Rewards – Receive a competitive salary along with a range of additional benefits.
Apply with just a few clicks: ad code 90785, application period: 02.10.2025
Any questions? Contact HR: Nuria Hetschel, +49 172 8605977
We look forward to meeting you. Of course, you can find us on LinkedIn, Instagram, Facebook, YouTube and Xing, too.
We value diversity and therefore welcome all applications - regardless of gender, disability, nationality, ethnic and social origin, religion/belief, age, sexual orientation, and identity. #inclusionmatters
RWE Generation is Europe’s second biggest gas company. Its approximately 3,500 employees - among them many specialist technicians and engineers - operate power plants in Germany, the UK, the Netherlands and Turkey and are moving with purpose towards our vision for a clean future. With hydropower and biomass plants already online, they blend conventional energy expertise with renewables innovation.
We are bridging the gap to the age of renewables by focusing on hydrogen, biomass and battery storage. By converting our power plant fleets to carbon-neutral fuels such as hydrogen and biomass, and successfully developing new storage technologies RWE Generation is making a key contribution to our ambitious goals. You'll discover we are continuously challenging ourselves creating a team that’s built on trust and respect.