Senior Incident Responder im Security Operations Center (SOC)

The German Pension Insurance Federation is the largest German pension insurance company and thus a cornerstone of social security in Germany. We accompany people all their lives – from start of work to retirement age. 24.2 million insured persons, 10.8 million pensioners and 3.5 million employers rely on us. We maintain a highly complex and diverse IT system landscape. The methods and techniques used in this environment, including the hardware and software techniques used, offer an interesting and challenging working environment. For the Security Operations Center, we are looking for a*n Senior Incident Responder at Security Operations Center (SOC) Location: Berlin or Würzburg Date of entry: Immediate Application deadline: 12.01.2026 Call number: 16-061-2025 Employment: Full time (part time is possible in principle) Remuneration: E12 TV EntgO-DRV Activity The Division 16 “Company Security” of the DRV Bund is responsible for IT and physical security, the protection of personal data, the protection of privacy and emergency management. Our Security Operations Center (SOC) is the central unit for the operational IT security of the DRV Bund and affiliated organisations. Within the SOC, the Incident Response Team acts as a specialized unit: It takes over the analysis and containment of security incidents, coordinates forensic investigations and ensures that we react quickly and effectively in critical situations. To strengthen our team, we are looking for a Senior Incident Responder (DFIR), who analyzes cyber attacks, coordinates Incident Response processes and actively contributes to the further development of our security measures.

Guide, conduct and coordinate incident-response processes, from analysis to containment and elimination of security incidents in cooperation with internal and external teams (e.g. CERTs, IT operation, IT forums) Secure data carriers and information for transfer to the Forensics service provider Working to optimize SIEM and EDR-Use-Cases to improve attack detection Creating Playbooks & Incident Response Plans to Standardize Processes for Fast and Efficient Response to Security Preventions Investigate malware to derive defense from malware analysis & reverse engineering

A completed university education (Bachelor, Diploma/FH) in the IT sector or an equivalent qualification, for example due to an IT-specific qualification or completed vocational training in the IT sector with relevant, tasks-relevant professional experience Multiannual experience in at least one of the tasks of Incident Response, Digital Forensics, Threat Intelligence, Threat Hunting Knowledge of network technologies, operating systems (Windows/Linux), security protocols and attack vectors (MITRE ATT&CK, Cyber Kill Chain) Experience with SIEM, EDR and Forensics tools Good knowledge of scripting/automatization (for example in Python, JavaScript, PowerShell, Bash) for incident response optimization Experience in reverse engineering or malware analysis or Threat Hunting is advantageous Understanding APT Tactics, Red Teaming or Penetration Testing desirable Certifications such as GCFA, GCIH, OSCP, CISSP or similar are advantageous German language skills in word and writing Good English knowledge of word and writing Embossed communication strength, coordination skills as well as an independent and self-organized procedure complete your profile

Exciting challenges in the field of Incident Response with all the benefits of a large public employer Sensual work and contributions to the security of a critical infrastructure Work with state-of-the-art security technology in a professional SOC environment as well as the possibility of further education and certification (e.g. SANS, GIAC, Offensive Security). Family-friendly, flexible and service-oriented working time models, the possibility to work predominantly in the home office, complemented by our service offers and cooperation partners for the reconciliation of work & family The health of our employees is important to us. We support the integration of occupational health management into working life Further information In order to occupy the position, we will have discussions with applicants who are in the narrower selection. Please note that you will be checked according to a security check law (§ 9 SÜG). This safety review may not have the result that there is a safety risk that is contrary to the safety-sensitive activity (§ 14 SÜG). These tasks require the willingness to participate in the willingness to call in the team and in urgent cases also to work outside regulated working hours (for example on weekends). The body requires the willingness to attend occasional service trips (inland) and the participation in further trainings/organizations outside the locations Berlin and Würzburg. This job description refers to an area in which women are underrepresented within the meaning of the Federal Employment Act. The German Pension Insurance Federation has set itself the goal of promoting women. We therefore look forward to receiving applications from women with particular interest. Persons with a severe disability or persons with equal status within the meaning of § 2 para. 2 and 3 SGB IX are preferably taken into account with the same suitability.

We welcome applications from people of all nationalities. .