Cyber Security - Threat Response Expert
What you will enjoy doing
- Monitoring and analyzing security alerts and events in real time to identify potential threats at an early stage
- Perform incident scoping through targeted threat hunting to assess impact and severity; document findings and recommendations.
- Senior lead for complex incident investigations and coordination, ensuring high-quality triage, thorough scoping, and timely containment.
- Direct and validate recommended actions; execute pre-authorized response actions to contain active or suspected threats.
- Work closely with other members of the global SOC team and IT teams to ensure a coordinated response to global threats.
- Documenting incidents, actions taken and outcomes for follow-up and continuous improvement
- Use of XDR, SIEM and other monitoring tools to identify and evaluate security events and incidents.
- Perform a deep analysis of suspicious activity and security alerts to assess their severity and potential impact.
- Coordinate forensic analysis of compromised systems and data to determine the root cause of security incidents and prevent future incidents.
- Coordinate the entire security incident management process from detection to resolution
- Participate in regular training and education to stay current on the latest security technologies, threats and response strategies.
- Contribute to the continuous improvement of incident response processes by sharing experiences and suggestions for optimizing playbooks and procedures.
- Support internal and external communication during a security incident to inform relevant stakeholders about the status of incident management.
- Drive post-incident improvements: capture lessons learned and recommend enhancements to detections, automation, and processes.
What makes you great
Experience: 3+ years of experience in IT Security, with a focus on incident response and threat detection. Knowledge in managing global or multi-regional security teams, with experience in a 24x7 operational environment.
Decision-Making: Ability to make critical decisions under pressure during security incidents and experience in stakeholder management, working across multiple levels of the organization, including regional leaders.
Technical Knowledge: Experience working with Microsoft Defender XDR and SIEM (Microsoft Sentinel) is an advantage. Expertise in security operations, incident response methodologies. Proficiency with security tools such as SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), firewalls, anti-malware solutions and cloud security. Familiarity with cyber-attack vectors, threat intelligence, common attack techniques and vulnerability management.
Compliance & Legal Knowledge: Understanding of global and regional cybersecurity regulations and compliance frameworks (e.g., GDPR, NIS2, ISO 27001).
Certifications: Cloud security certifications (Azure SC-200) are an advantage. CISSP, CSP, CCNA or similar are an advantage. Experience in digital forensics or log analysis, identifying indicators of compromise (IoCs), and performing root cause analysis. Solid English communication skills (B2-C1); German (B1) is an advantage.
Incident Handling & Coordination: Ability to coordinate global incident response efforts, ensuring timely escalation, containment, eradication, and recovery. Expertise in creating and maintaining incident playbooks, along with conducting post-incident analysis (e.g., lessons learned, root cause analysis).
Ability to document incidents accurately, following incident handling procedures, and provide detailed analysis for future reference. Composure under pressure: Stays calm and decisive during high-severity incidents.
What you can expect working with us
The Threat Response Expert is an operational member of the global SOC Team and plays a central role in responding quickly and effectively to security incidents. The primary objective of this position is to perform advanced deep analysis and troubleshooting to contain and resolve security incidents and minimize damage to the company. The Threat Response Expert works closely with other team members, the SOC-Manager and other IT/OT departments to ensure that all security incidents are handled in accordance with established policies and procedures.
- A modern, international, and stable working environment within a growing organization
- Close collaboration with IT and other departments
- Diverse and challenging projects with real business impact
- Opportunities for continuous professional development
- A dynamic and supportive team culture
Contact
ALPLA PACKAGING ROMANIA S.A.
Ms Mihaela Damian, Human Resources
Henri Coanda 17.
500164 Brasov
