IT Security Expert - Incident Response

Job type:Permanent
Town/City:Unterschleißhei
Region:Bayern
Sector:Cyber Security
Client Company Type:In-House
Job ref:9991
Post Date:July 6, 2026

About the Role

IT Security Expert: Incident Response

The Opportunity

Tired of firefighting alerts with no say in the strategy behind them? This role gives you ownership of a Data Loss Prevention programme from the ground up, not just a seat monitoring someone else's.

The Role

You'll take the lead on building out DLP across the business: identifying sensitive data with stakeholders, selecting protective measures, then installing, configuring and integrating the DLP solution into the infrastructure yourself.

Beyond that, you'll manage and tune SIEM and DLP rule sets, sharpen detection as new threats emerge, and run regular audits to prove the programme's working. You'll also help build a security-first culture through training and clear guidance, and take on other security projects as they come up.

The Company

Our client is a well-established, regulated financial services organisation investing seriously in its security maturity. This is a newly-focused mandate rather than a legacy function you're inheriting, so you'll have real scope to shape how DLP is done here, not just follow an existing playbook.

What You'll Need

  • Practical experience in IT security, including penetration testing and incident response
  • Solid working knowledge of Windows, Linux and networks
  • Fluent German and English

How to Apply

Your CV doesn't need to be up to date. Send what you have, or give the MAM Gruppe team a call for a confidential chat about the role. Reach out to richard@mamgruppe.com.

More Jobs from this Recruiter

Unterschleißhei, Bayern

IT Security Expert - Incident Response

IT Security Expert: Incident Response The Opportunity Tired of firefighting alerts with no say in the strategy behind them? This role gives you ownership of a Data Loss Prevention programme from the ground up, not just a seat monitoring someone else's. The Role You'll take the lead on building out DLP across the business: identifying sensitive data with stakeholders, selecting protective measures, then installing, configuring and integrating the DLP solution into the infrastructure yourself. Beyond that, you'll manage and tune SIEM and DLP rule sets, sharpen detection as new threats emerge, and run regular audits to prove the programme's working. You'll also help build a security-first culture through training and clear guidance, and take on other security projects as they come up. The Company Our client is a well-established, regulated financial services organisation investing seriously in its security maturity. This is a newly-focused mandate rather than a legacy function you're inheriting, so you'll have real scope to shape how DLP is done here, not just follow an existing playbook. What You'll Need Practical experience in IT security, including penetration testing and incident response Solid working knowledge of Windows, Linux and networks Fluent German and English How to Apply Your CV doesn't need to be up to date. Send what you have, or give the MAM Gruppe team a call for a confidential chat about the role. Reach out to richard@mamgruppe.com.
Learn More
Mannheim, Baden-Württemberg

SOC Lead

SOC Lead Ready to Build Something That Doesn't Exist Yet? Most SOC roles ask you to maintain. This one asks you to create. A global industrial technology business, over 175 years old and still innovating, has made cyber security a boardroom priority. They're building their CDC from the ground up, and they need a Lead who can architect the entire function: strategy, processes, automation, tooling, and a team of analysts to back it up. This is a rare opportunity to put your name on something. No inherited processes. No legacy decisions to unpick. Just a clear mandate, executive backing, and the freedom to do it right. What You'll Be Doing You'll take end-to-end ownership of the CDC — defining how it operates, how it scales, and how it matures. Day to day, that means: Designing and owning all CDC processes, SOPs, runbooks, and playbooks — building from scratch, not from a template Leading an automation-first approach: implementing and continuously improving SOAR capabilities to cut manual workload and sharpen response times Developing the CDC roadmap with a clear eye on regulatory requirements including NIS2 and ISO 27001 Acting as incident manager for critical events — staying strategic, not getting pulled into the weeds Integrating OT security requirements into centralised monitoring alongside IT environments Selecting, optimising, and managing the security technology stack — SIEM, SOAR, XDR Leading, mentoring, and developing a team of 3–5 security analysts Reporting CDC performance to senior leadership through meaningful KPIs (MTTD, MTTR) The Company You'll be joining a global industrial technology business with a 175-year track record of innovation. The organisation operates across IT and OT environments at scale — which means the security challenges here are genuinely complex, and the investment behind this function is real. Cyber security has moved firmly onto the executive agenda. You'll have the organisational weight behind you to build this properly. What You'll Need Solid experience in a SOC, CDC, or Information Security leadership environment A process-first mindset — you think in workflows, not just incidents Hands-on experience with SOAR platforms and an instinct for automation Familiarity with SIEM and XDR tooling Working knowledge of relevant frameworks and standards — NIST, SANS, ISO/IEC 27001, NIS2 Experience leading and developing security analysts Business-level German and strong English — you'll need both Comfortable with on-call responsibilities and major incident availability How to Apply You can apply directly through this page, or reach out to the consultant listed in this advert if you'd prefer a conversation first. Your CV doesn't need to be polished or up to date — send what you have. If this sounds like the right move, we'd rather hear from you early than not at all.
Learn More
Munich, Bayern

Security Analyst

Security Analyst Location: Munich Our client is seeking a Security Analyst to support security testing and research activities across embedded and hardware-focused technology environments. This role focuses on vulnerability analysis, embedded software security and the evaluation of advanced security concepts within modern product ecosystems. Key Responsibilities: Perform security assessments and vulnerability analysis for embedded systems and connected devices. Support hardware and software-focused security testing activities. Contribute to security reviews, technical evaluations and risk assessments. Assist with the development of security testing methods and analysis techniques. Collaborate with international engineering and research teams on security-related initiatives. Support internal knowledge sharing and technical consulting activities. Evaluate emerging technologies and approaches related to embedded and product security. Your Profile: Degree in Computer Science, Engineering or a related technical field. Experience within embedded systems, security testing or security research environments. Understanding of embedded software, hardware security or cryptographic concepts. Familiarity with vulnerability analysis and security assessment methodologies. Experience with programming languages such as C, Java or low-level technologies would be advantageous. Strong analytical and troubleshooting skills. Collaborative and solution-oriented working style. Fluent German and English language skills. What’s on Offer? Opportunity to work on advanced security and embedded technology topics. International and collaborative working environment. Flexible hybrid working model. Long-term technical development opportunities.
Learn More
Frankfurt, Hessen

Product Owner Cyber Hygiene

Vice Director Cyber Hygiene  Location: Frankfurt Our client is seeking a Vice Director Cyber Hygiene to support the operational and strategic development of its cyber hygiene and vulnerability management function. This role focuses on vulnerability scanning, tooling integration and the coordination of security operations within a complex environment. Key Responsibilities: Oversee day-to-day cyber hygiene and vulnerability management activities. Support vulnerability scanning operations and exposure management initiatives. Coordinate the integration and optimisation of security tooling and platforms. Collaborate with internal stakeholders on operational and security-related topics. Support the implementation of strategic security initiatives across the function. Contribute to operational governance, reporting and continuous improvement activities. Assist with the development and scaling of security operations capabilities. Your Profile: Strong experience within vulnerability management or cyber hygiene environments. Hands-on knowledge of Tenable One or comparable vulnerability management platforms. Understanding of security operations, scanning technologies and exposure management. Experience working within large or regulated environments would be advantageous. Strong communication and stakeholder management skills. Independent and solution-oriented working style. Fluent German and English language skills. What’s on Offer? Senior position within an international security environment. Exposure to large-scale cyber security and transformation initiatives. Collaborative and modern working culture. Long-term development and progression opportunities.
Learn More

Latest Blogs

View all blogs