Job
- Level
- Senior
- Job Feld
- IT, Security
- Anstellung
- Vollzeit
- Vertragsart
- Unbefristetes Dienstverhältnis
- Ort
- Ismaning
- Arbeitsmodell
- Hybrid, Onsite
Job Zusammenfassung
In dieser Rolle entwickelst du Sicherheitsarchitekturen, optimierst Splunk Cloud SIEM, führst Bedrohungssuche durch und leitest komplexe Vorfälle, während du SOC-Analysten und Junior Engineers mentorst.
Job Technologien
Deine Rolle im Team
- Design, implement, and continuously mature security architecture across endpoint, identity, network, cloud, and email domains.
- Act as primary technical advisor to the external MSSP, reviewing and optimizing the Splunk Cloud SIEM and Cribl Stream/Edge data pipeline.
- Partner with Infrastructure, Cloud Admin, and Client Services teams to review, harden, and implement security controls (Defender for Endpoint, Intune, Proofpoint, Zscaler, Cisco FTD, FortiGate).
- Oversee vulnerability management, prioritize remediation with system owners, and manage/quality-assure penetration tests and red-team exercises.
- Perform and guide proactive threat hunting across XDR, identity, and network telemetry, converting findings into durable detections.
- Act as senior escalation point for the SOC, leading complex investigations, forensic analysis, and incident response playbooks/tabletop exercises.
- Mentor SOC analysts and junior engineers while maintaining high-quality architecture and runbook documentation.
Unsere Erwartungen an dich
Ausbildung
- Bachelor's degree in IT Security, Cyber Security, Information Systems, or equivalent practical experience.
Qualifikationen
- Strong grounding in security-by-design, zero-trust, and frameworks such as NIST, ISO 27001, CIS Benchmarks, and MITRE ATT&CK.
- Advanced knowledge of Splunk Cloud SIEM (SPL, use-case development) and Cribl Stream/Edge.
- Hands-on familiarity with Microsoft Security Stack, AWS Security Services, Proofpoint, and Zscaler/Cisco/FortiGate.
- Preferred certifications include: CISSP, GIAC (GCIH, GCIA, GCFA, GDSA), Microsoft SC-200/SC-100/AZ-500, AWS Security Specialty, Splunk Enterprise Certified Admin, Cribl Certified Observability Engineer.
- Strong English communication skills (German a plus) and proven stakeholder/consulting ability across cross-functional teams.
Erfahrung
- 5+ years of experience in IT security engineering, security operations, or infrastructure security.
Unser Angebot
- Growth is important to us, that's why we support your personal and professional development.
- A working environment based on trust, encouragement and constructive feedback.
- Collaboration with people from different countries and cultures.
- 32 days annual leave plus 2 days off.
- Flexible working hours and home office policy (approx. 60% possible).
- Attractive employee conditions for car insurance.
- Exceptional company benefits: Employer subsidy for occupational pension scheme and disability pension, supplementary company health insurance, capital-forming benefits.
- Optional: Job ticket, car parking spaces, monthly travel allowance.
- EGYM Wellpass.
- Financial subsidy as a small wish-fulfiller.
- Free coffee, tea, water and weekly fruit delivery.
- Health management and pme family service.
Benefits
Work-Life-Integration
Themen mit denen du dich im Job beschäftigst
Job Standorte
Das ist dein Arbeitgeber
AND-E
AND-E ist ein innovatives Versicherungsunternehmen mit Hauptsitz in Ismaning bei München. Als Teil der MS&AD Group Holding zählt es zu den größten Versicherungskonzernen weltweit und beschäftigt 250 Mitarbeiter:innen in Deutschland. Das Unternehmen gilt als einer der führenden Anbieter von Telematiklösungen in Europa und kooperiert eng mit der Toyota und Lexus Organisation.
Description
- Unternehmenstyp
- Etablierte Firma
- Arbeitsmodell
- Hybrid, Onsite
- Branche
- Banken, Finanz, Versicherung