Cyber Security Engineer

Job type: Contract
Town/City: Erkrath
Region: Nordrhein-Westfalen
Sector: Cyber Security
Client Company Type: In-House
Job ref: 8299
Post Date: February 6, 2026

About the Role

Cyber Defense Consultant – Remote

Freelance Position | Cologne, Germany | €700–800 per day

Job Overview

We are seeking an experienced Cyber Defense Consultant for a freelance engagement supporting cybersecurity operations for a client based in Cologne, Germany.

This is a highly technical, hands-on security engineering and consulting role requiring deep expertise in incident response, threat detection, vulnerability management, and defensive security operations.

You will be directly involved in investigating security incidents, performing forensic analysis, conducting vulnerability assessments, and working hands-on with security tools and systems. This role requires someone who can hit the ground running, provide immediate technical value, and deliver professional consulting services while defending against complex security threats.

Key Responsibilities

Hands-On Incident Response & Investigation

  • Investigate and respond to security incidents from detection through containment and remediation
  • Perform forensic analysis on compromised systems, including memory dumps, disk images, and log analysis
  • Conduct malware analysis and reverse engineering to understand attack vectors and tactics
  • Execute incident response procedures and technical playbooks during active security events
  • Analyse security alerts from SIEM, EDR, and other security tools to identify genuine threats
  • Perform root cause analysis and document technical findings for post-incident reports
  • Engage directly with affected systems to contain threats and support recovery

Security Tools & Platform Engineering

  • Hands-on configuration and optimisation of the Microsoft Defender suite (Endpoint, Office 365, Identity, Cloud Apps)
  • Build and tune detection rules, hunting queries, and automated response workflows
  • Configure and maintain SIEM platforms, correlation rules, and security use cases
  • Integrate security tools and orchestrate automated response capabilities
  • Troubleshoot technical issues across security infrastructure and monitoring tools
  • Test and validate security controls and detection capabilities

Vulnerability Assessment & Testing

  • Perform hands-on vulnerability scanning across infrastructure and applications
  • Conduct penetration testing exercises to identify security weaknesses
  • Exploit and validate vulnerabilities to assess real-world risk
  • Analyse scan results and manually verify findings
  • Work with technical teams to validate and test remediation efforts
  • Maintain and configure vulnerability scanning tools and assessment platforms

Threat Hunting & Proactive Defense

  • Conduct proactive threat hunting activities across the environment
  • Analyse network traffic, system logs, and endpoint telemetry to identify anomalies
  • Investigate suspicious activity and potential indicators of compromise
  • Develop and execute custom detection logic and hunting hypotheses
  • Perform deep-dive analysis of advanced persistent threats
  • Build custom scripts and tools to support security operations

SOC Provider & Technical Coordination

  • Work directly with external SOC analysts during incident investigations
  • Provide technical guidance and escalation support for complex security events
  • Review and validate alerts and findings from SOC providers
  • Collaborate on tuning detection rules and reducing false positives
  • Participate in technical reviews of SOC performance and capabilities
  • Share threat intelligence and technical indicators with SOC partners

Essential Requirements

Technical Experience

  • Minimum 10 years of hands-on cybersecurity experience, with at least 5 years in incident response
  • Proven experience investigating and responding to complex security incidents
  • Hands-on experience with vulnerability assessments and penetration testing
  • Direct experience configuring and managing security tools (SIEM, EDR, IDS/IPS, etc.)
  • Experience working technically with external SOC providers
  • Strong hands-on experience with Microsoft Defender (Endpoint, Office 365, Identity, Cloud Apps)
  • Experience performing forensic analysis and malware investigations
  • Ability to work independently and integrate quickly into new environments
  • Previous freelance or consulting experience in similar roles

Core Technical Skills

  • Expert understanding of incident response methodologies (NIST, SANS)
  • Hands-on SIEM experience (Splunk, Sentinel, QRadar)
  • Strong scripting skills (PowerShell, Python, Bash)
  • Deep technical knowledge of Windows, Linux, and networking
  • Experience with forensic tools (EnCase, FTK, Volatility)
  • Packet analysis skills (Wireshark, tcpdump)
  • Malware analysis techniques and tooling
  • Penetration testing tools (Metasploit, Burp Suite, Nmap)
  • Strong knowledge of MITRE ATT&CK and kill chain models
  • Practical cloud security experience (Azure, AWS, or GCP)

Language Requirements

  • Fluent English (written and spoken)
  • German language skills are essential

Security Frameworks & Standards

  • Practical knowledge of ISO 27001, NIST CSF, and CIS Controls
  • Understanding of GDPR, PCI-DSS, SOX, and related regulations
  • Experience validating and testing security controls

Consulting Skills & Attributes

  • Hands-on technical problem solver
  • Able to make decisions under pressure during live incidents
  • Self-starter who adapts quickly to new environments and tools
  • Strong client-facing communication skills
  • Professional consulting demeanour and presentation style
  • Highly analytical with strong attention to detail
  • Comfortable working in command-line environments
  • Passion for emerging threats and attack techniques
  • Excellent documentation and report-writing skills
  • Ability to provide strategic security recommendations alongside implementation

Desirable

  • Banking or financial services sector experience
  • Experience with SOAR platforms and security automation
  • Background in offensive security or red teaming
  • CTF participation or security research contributions
  • Experience with threat intelligence platforms
  • Cloud-native and container security experience

Freelance Engagement Details

  • Engagement Type: Freelance contract (Freiberufler)
  • Location: Cologne, Germany (Köln)
  • Duration: 12 months
  • Work Model: Remote (German-speaking environment)
  • Start Date: March 2026
  • Rate: Competitive daily rate based on experience
  • Requirements: Valid German work permit or EU right to work
  • Business Registration: Freiberufler or own company (GmbH / UG)
