Your tasks

• Coordinate and communicate IT security incidents across teams and countries, managing the incident response process.
• Detect and analyze potential security incidents, ensuring effective containment.
• Reconstruct cyber-attacks and malware, analyze sensitive data, and derive remediation actions.
• Develop mechanisms to detect anomalies and attacks, initiating preventive measures to alert in time.
• Monitor the general threat landscape on the Internet and provide actionable recommendations.
• Advise internal projects on security-related issues.
• Conduct IT forensic investigations.
• Create meaningful reports on IT security incidents.

Your Profile

• Our Cyber Defense Center is fully built and up and running. We are now looking to strengthen the team with an Incident Response expert to cover the weekday afternoon shift.  This is a hands-on, experienced technical role focused on advanced incident, and continuous improvement rather than tier-one alert triage.
• You will join a large Cyber Security organization with excellent opportunities for growth, development, and promotion based on performance and training. Continuous learning is essential in this field, and the company supports this with a wide range of education and training options to enhance both soft and hard skills.
• 5+ years of professional experience in Incident Response, leading medium to critical security incident response.
• Hands-on experience in incident response, including triage, containment, remediation, and end-to-end security investigations.
• Experience partnering with Escalation Management,  Product Development/Engineering, IT, Legal, Cloud Ops, and wider cybersecurity teams to lead remediation.
• University degree in Information Technology or comparable education.
• Strong English skills, fluent business English (speaking and writing) at advanced level (B2+).
• Further education in IT forensics and security incident management.
• Expert knowledge in SIEM systems (preferably Splunk), SOAR tools, and EDR solutions.
• Strong technical expertise in deployed technologies and cyber attack techniques.
• Knowledge of national and international IT standards and frameworks (ISO 27001, NIST Cyber Security Framework, BSI Grundschutz, ITIL, OWASP, MITRE ATT&CK).
• High communicative and analytical skills, ability to work independently, and strong team spirit.
• Confidence and persuasiveness with communication skills in English. German will be well considered but it is not mandatory.
• Commitment to continuous education and professional development.
• Would be a plus: Strong digital forensics skills, including analysis, timeline reconstruction, and interpreting artefacts across Windows, macOS, Linux, and cloud environments.
• Would be a plus: Experience in cloud incident response including familiarity with cloud-native logging, identity systems, and investigation techniques.
• Would be a plus: Knowledge of application security, including investigating application-layer attacks, abuse cases, and SaaS-specific threats.
• Working Hours: Morning shift (05:45 – 14:00h), from Monday to Friday (no rotation).