Job
- Level
- Senior
- Job Field
- IT, Security
- Employment Type
- Full Time
- Contract Type
- Permanent employment
- Location
- Ismaning
- Working Model
- Hybrid, Onsite
Job Summary
In this role, you design security architectures, optimize Splunk Cloud SIEM, conduct threat hunting, and lead complex incidents while mentoring SOC analysts and junior engineers.
Job Technologies
Your role in the team
- Design, implement, and continuously mature security architecture across endpoint, identity, network, cloud, and email domains.
- Act as primary technical advisor to the external MSSP, reviewing and optimizing the Splunk Cloud SIEM and Cribl Stream/Edge data pipeline.
- Partner with Infrastructure, Cloud Admin, and Client Services teams to review, harden, and implement security controls (Defender for Endpoint, Intune, Proofpoint, Zscaler, Cisco FTD, FortiGate).
- Oversee vulnerability management, prioritize remediation with system owners, and manage/quality-assure penetration tests and red-team exercises.
- Perform and guide proactive threat hunting across XDR, identity, and network telemetry, converting findings into durable detections.
- Act as senior escalation point for the SOC, leading complex investigations, forensic analysis, and incident response playbooks/tabletop exercises.
- Mentor SOC analysts and junior engineers while maintaining high-quality architecture and runbook documentation.
This text has been machine translated. Show original
Our expectations of you
Education
- Bachelor's degree in IT Security, Cyber Security, Information Systems, or equivalent practical experience.
Qualifications
- Strong grounding in security-by-design, zero-trust, and frameworks such as NIST, ISO 27001, CIS Benchmarks, and MITRE ATT&CK.
- Fortgeschrittene Kenntnisse in Splunk Cloud SIEM (SPL, Use-Case-Entwicklung) und Cribl Stream/Edge.
- Hands-on familiarity with Microsoft Security Stack, AWS Security Services, Proofpoint, and Zscaler/Cisco/FortiGate.
- Preferred certifications include: CISSP, GIAC (GCIH, GCIA, GCFA, GDSA), Microsoft SC-200/SC-100/AZ-500, AWS Security Specialty, Splunk Enterprise Certified Admin, Cribl Certified Observability Engineer.
- Strong English communication skills (German a plus) and proven stakeholder/consulting ability across cross-functional teams.
Experience
- 5+ years of experience in IT security engineering, security operations, or infrastructure security.
This text has been machine translated. Show original
What we offer
- Growth is important to us, that's why we support your personal and professional development.
- A working environment based on trust, encouragement and constructive feedback.
- Collaboration with people from different countries and cultures.
- 32 days of annual leave plus 2 days off.
- Flexible working hours and home office policy (approx. 60% possible).
- Attractive employee conditions for car insurance.
- Exceptional company benefits: Employer subsidy for occupational pension scheme and disability pension, supplementary company health insurance, capital-forming benefits.
- Optional: Job ticket, car parking spaces, monthly travel allowance.
- EGYM Wellpass.
- Financial subsidy as a small wish-fulfiller.
- Free coffee, tea, water and weekly fruit delivery.
- Health management and pme family service.
This text has been machine translated. Show original
Benefits
Work-Life-Integration
Topics that you deal with on the job
Job Locations
This is your employer
AND-E
AND-E is an innovative insurance company headquartered in Ismaning near Munich. As part of the MS&AD Group Holding, it ranks among the largest insurance groups in the world and employs 250 staff in Germany. The company is recognized as one of the leading telematics providers in Europe and collaborates closely with the Toyota and Lexus organization.
Description
- Company Type
- Established Company
- Working Model
- Hybrid, Onsite
- Industry
- Banking, Finance, Insurance