Düsseldorf, DE Hannover, DE Würzburg, DE
Cybersecurity Expert - Senior Information Security Incident Manager (f/m/d)
Our team Cyber Security is looking for you!
We are Uniper
At Uniper, we are pro-actively transforming the world of energy whilst at the same time ensuring security of energy supply. As an internationally operating company, we work in very diverse teams with the greatest possible working time flexibility for our employees. Our corporate culture is characterized by equal opportunities, mutual appreciation, and respect. With us, you will be able to develop new business models, work on technological solutions for a modern, sustainable, and future-oriented energy supply as well as pro-actively help to shape changes. Interested? Then we will look forward to meeting you!
Your responsibilities
Overview:
The Uniper Cybersecurity Operations Center is continuously enhancing its capabilities to strengthen our cybersecurity readiness and response to evolving threats. To meet our growing maturity and scalability demands, we are expanding our internal team to bolster skills, capacity, and gain fresh external perspectives to refine our incident response and cybersecurity functions.
Role Description:
We are seeking skilled and experienced professionals with proven expertise in cybersecurity. You should be confident in assessing, classifying, and investigating potential threats or incidents. Ideally, you hold certifications such as Incident Handler and have deep knowledge of Microsoft products, Cloud Solutions, Palo Alto, PowerBI, and automation tools. Experience in forensics and using forensic tools is essential, along with strong familiarity with querying and coding languages.
You possess the ability to handle complex situations and communicate confidently with both technical and non-technical audiences. Your work is well-organized, and you consistently produce high-quality documentation, striving for continuous improvement in processes and procedures. Fluency in both English and German is required. If you're someone who thrives in dynamic environments and constantly seeks improvement— we want you on our team!
Key Responsibilities:
- Incident Lifecycle Management: Manage and coordinate the full lifecycle of information and cybersecurity incidents, including detection, containment, eradication, and restoration of affected systems. Act as the central communication point, coordinating incident management activities with IT and OT teams, service providers, suppliers, and other relevant stakeholders from start to finish
- Technical Expertise & Threat Identification: Leverage a strong technical background across multiple disciplines (Cloud, infrastructure, architecture, Industry 4.0) with a focus on information security. Identify malware types, infection methods, and objectives, while extracting and defining Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs)
- Threat Analysis & Monitoring: Analyze system logs, including network traffic, payloads, event logs, application logs, and firewall logs to detect and understand security incidents. Contribute to threat hunting activities, pen tests, forensic analysis, and continuous monitoring to enhance security posture
- SOC & Automation Integration: Apply experience in setting up or working within modern Security Operations Centers (NextGen/Fusion/Converged Cyber Defense Ops) with automation, orchestration, and threat intelligence tools. Familiarity with tools like Palo Alto XSOAR/XSIAM, MS Sentinel, and Defender for Cloud is highly valued
- Network & Endpoint Security: Provide expertise in network security and incident handling, with experience in managing firewalls and using advanced security solutions like Microsoft E5 Security (e.g., Palo Alto Cortex, MS Defender XDR)
- Threat Intelligence & Vulnerability Management: Collaborate with teams focused on Threat Intelligence and Vulnerability Management, ensuring proactive identification of threats and tracking remediation efforts. Familiarity with frameworks like Mitre ATT&CK and tools like MISP and Mandiant is preferred
- Documentation & Reporting: Prepare high-quality reports on security incidents, findings, and lessons learned. Generate documentation for processes, procedures, and playbooks, ensuring clear communication of outcomes to both technical and non-technical audiences. Crisis management and communications expertise are considered advantageous
- Emerging Threat Awareness: Stay informed about emerging threats and exploit vectors, sharing insights with leadership and cross-functional teams to inform decision-making and ensure continuous improvement
- Communication & Collaboration: Work closely with cross-functional teams, delivering clear, concise communication on security incidents, vulnerabilities, and mitigation strategies to all levels of the organization
Your profile
Qualifications:
- Education: Bachelor’s or Master’s degree in Computer Science, IT Security, Business Informatics, or a related field
- Experience: Minimum of 8 years in IT security with over 3 years of hands-on experience in Cyber Defense Operations Centers (CDC) or Security Operations Centers (SOC). Proven expertise in managing cybersecurity incidents, cyber defense operations, and threat intelligence with a strong technical background
- Technical Expertise: Deep knowledge of cybersecurity threats, attack techniques, and relevant intelligence tools (e.g., MISP, Mandiant). Proficiency in network architectures, cloud security, and IT security frameworks, including experience with Microsoft Azure and Palo Alto solutions. Familiarity with the MITRE ATT&CK framework and advanced incident response methodologies. Strong skills in coding and querying languages such as Python, KQL, XQL, GO, JavaScript, Java, C#/.NET, Rust, Lucene, and RegEx
- Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar. Incident Response certifications such as E|CIH, GCIH, or GEIR are preferred. IT vendor certifications, particularly in Microsoft Azure and Palo Alto, would be advantageous
- Analytical Skills: Strong ability to analyze complex threat data, detect patterns, and develop actionable intelligence. Expertise in working with Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) to enhance security operations
- Human Skills: Experience working within international teams, adept at managing intercultural communications, and promoting effective collaboration despite differing opinions or perspectives
- Other Requirements: Fluency in both spoken and written English and German is a plus
Key Attributes:
- Innovative & Analytical: You challenge the status quo, bringing new ideas and innovative solutions to the table. You are constantly looking for ways to enhance processes, especially in cybersecurity and technical problem-solving
- Team Player: While you thrive in individual tasks, you excel in collaborative environments and work well within cross-functional teams. You proactively offer assistance, contributing to team success even without being asked
- Problem Solver: You are an independent thinker and an excellent listener, capable of delivering effective solutions. You maintain your composure under pressure and solve complex technical challenges with ease, particularly in the context of cybersecurity operations
- Ownership & Accountability: You take full ownership of your work, ensuring accountability in every task. You deliver results that align with the organization’s goals and continually improve its cybersecurity defenses
- Strong Communicator: You possess excellent verbal and written communication skills, adept at explaining complex technical issues to both technical and non-technical audiences. You aren’t afraid to speak up, ensuring clarity in all communications
- Passionate & Motivated: You bring energy and enthusiasm to your work, balancing hard work with a positive attitude. You inspire and motivate those around you, staying engaged and driven to achieve top-tier results while enjoying your work
- Technical Expertise: Your skills extend to working with cybersecurity frameworks, threat intelligence tools, and coding languages like Python, KQL, and XQL. You leverage this technical knowledge to innovate and solve security challenges
This role demands a high level of expertise, leadership, and communication skills, ensuring that you contribute significantly to cybersecurity efforts while fostering a culture of innovation and accountability.
Your benefits
- Choosing how, where, and when to work in accordance with your team and the requirements of your job
- Modern and ergonomic equipment for your workplace (home & office)
- Support to balance private life and work: Sabbaticals, part-time possibilities, family service
- Car and bike leasing offer (deferred compensation)
- E-car charging stations at almost all Uniper locations
Health offers:
- Flu vaccination
- Preventive health services
- Employee assistance program
Company pension:
- Employer-funded contributions to a modern pension system
- Possibility of self-funded contributions with employer-funded matching
Trainings:
- Lifelong training
- Coaching
Our employees are the reason for our success. Therefore, you will find many other benefits at the local level to help you reach your potential. Energy evolutionary wanted!
Your contact
If you have any questions, please do not hesitate to contact us at:
career@uniper.energy
Attention! Please apply via the button in this portal. Application documents that reach us by post will not be returned and, like those we receive by e-mail, can unfortunately not be considered!
Job information
Contract type: | |
Working Hours: | |
As an employer, Uniper is committed to diversity and equal opportunities. Therefore, we encourage applications from suitably qualified individuals whose capabilities match the role requirements regardless of gender, origin, disability, age, religion, ideology, sexual identity or marital status. We live inclusion and support flexible working.
Screen readers cannot read the following searchable map.
Follow this link to reach our Job Search page to search for available jobs in a more accessible format.Screen readers cannot read the following searchable map.
Follow this link to reach our Job Search page to search for available jobs in a more accessible format.