Sr Specialist Cyber Security

Role Overview:
The Cyber Security Engineer strengthens the technical backbone of the globally distributed Information Security team and its security and compliance efforts. The Cyber Security Engineer increase cyber security acting as the team’s hands-on specialist for vulnerability management, penetration testing, and digital forensics.

The Cyber Security Engineer supports global compliance objectives under ISO 27001 ISMS, 27002 Security Controls, 27005 Risk Management, 42001 AI Governance and 22301 Business Continuity Management, turning policy into technical validation and technical reporting data into readable reports.

The CSE works closely with the CISO, ISOs and ISRs.

Key Responsibilities:

• Security Monitoring & Incident Handling: Participate in global SIEM/SOC operations as counterpart and point of escalation for our managed SOC Provider, ensuring threats are detected and mitigated fast enough.
• Security Incident Response Support: Conduct forensic investigations of security incidents. Collect, analyze, and preserve digital evidence in line with global best practices.
  
• Automation & Hardening: Develop scripts and tools for vulnerability scanning, system monitoring, and threat detection. Automate repetitive pain.
• Threat & Risk Analysis: Collaborate with risk management colleagues to translate technical findings into business risks under the ISO 27005 methodology.
• Security Architecture Support: Work with infrastructure and application teams to design secure configurations and architectures that comply with ISO 27001 while ensuring performance or budget control.
• Business Continuity Integration: Support the ISO 22301 framework by ensuring technical continuity and disaster recovery plans including proper recovery procedures, 3-2-1 backups, and response mechanisms.
• Vulnerability & Penetration Testing 
• Perform internal and external penetration tests on systems, networks, and applications to identify security weaknesses.
• Ethical Hacking
• Simulate real-world attack scenarios to assess system resilience. Use creativity, persistence, and just enough mischief to make defenders sweat—but ethically.
• Documentation & Reporting: Produce clear, actionable security reports and technical documentation for executive review without losing technical integrity.
  
  

Key Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, or related technical field.
• At least 3 years of hands-on experience in cybersecurity engineering, penetration testing, or digital forensics.
• Understanding of ISO 27001 and the associated ISO Norms
• Proficiency with tools such as Burp Suite, Metasploit, Nessus, Wireshark, Nmap, Volatility or similar utilities.
• Strong scripting skills (Python, PowerShell, Bash) for automation and analysis.
• Familiarity with cloud security (MS Azure) and hybrid environments including Intune, Microsoft Defender, Sentinel, and the broader Microsoft 365 security ecosystem.
• Experience with forensic tools (e.g., Autopsy, FTK, EnCase) is a plus
• Fluent English skills, spoken and written

Preferred Certifications:

• CEH (Certified Ethical Hacker) as the entry point
• OSCP (Offensive Security Certified Professional) or CHFI (Computer Hacking Forensic Investigator) are a plus
• ISO 27001 Implementer or Auditor is a plus for blending tech with governance

Personal Qualities:

• Analytical and creative
• Calm under pressure
• Enjoys global collaboration
• Good communication skills
• Detail-oriented, disciplined, and preferring structured configurations

• Attraktiver und sicherer Arbeitsplatz
• Handlungs- und Gestaltungsspielraum in einem innovativen und globalen Arbeitsumfeld
• Je nach Einsatzbereich flexible und bedarfsgerechte Arbeitszeitmodelle und Möglichkeit zu mobilem Arbeiten
• Praxisorientiertes Onboarding