In this senior individual-contributor role, you will lead and support incident response and digital forensics activities, partnering closely with SOC analysts, infrastructure, and application teams.

This position includes escalation of ownership during major incidents and requires participation in an on-call rotation.

Work hands-on with complex security incidents across endpoints, identity, network, and cloud.

Partner with global teams to quickly manage threats and reduce business impact.

Grow your DFIR skills in a mature, collaborative response function.

Impact: As a Cybersecurity Incident Responder, you'll play a crucial role in protecting our organization's information systems and data, making a significant impact on our business operations.

Tasks and responsibilities

• Monitor and analyze the security infrastructure, playing a key role in identifying and addressing threats and incidents to maintain the integrity, confidentiality, and availability of critical data and systems.
• Contribute to security incident response processes and best practices.
• Be the leader of critical security incident investigations.
• Carry out comprehensive security investigations by analyzing logs, network traffic... and other data sources to find root causes.
• Continuously improve and monitor our security incident detection and response workflows.
• Collaborate with cross-functional teams to implement and improve use cases, runbooks, and procedures to properly handle occurring security incidents.
• Act as a point of escalation for analysts on the team.
• Leverage your expertise to identify, evaluate, and recommend new tools and technologies that can enhance the incident response capabilities of the team.
• Provide expertise on Incident Response Activities and Digital Forensics, including the capture and preservation of system logs, volatile memory captures, image captures...

Requirements

• 5+ years of experience hands-on incident response.
• Hands-on experience in digital forensics, including the collection, triage, and analysis of evidence from endpoints using artifact extraction tools.
• Demonstrable experience in at least two of the following areas: Malware Analysis, Cloud Security, Vulnerability Management or Operational Technology.
• Programming experience in scripting languages like (Python, PowerShell or Bash).
• Solid understanding of Linux and Windows architecture, common networking protocols, and packet inspection concepts.
• Experience with security technologies such as firewalls, IDS/IPS, anti-malware, SIEM, and endpoint detection and response (EDR) tools.
• Excellent problem-solving skills and the ability to perform effectively under pressure during high-severity incidents.
• Strong written and verbal communication skills, including the ability to document findings and present recommendations.
• Advanced knowledge of common attack techniques (system exploits, network attacks, web protocols, phishing, and malware).
• Knowledge of how to integrate AI/LLM capabilities into Incident Response, such as automated evidence summarization, SOC/IR playbook automation, or detection-rule generation, is considered a plus.
• Hands-on experience in Red Team is considered a plus.
• Knowledge of cloud architecture, particularly AWS, is considered a plus.
• Security certifications like CRTO, OSCP, GCIH, GCFA, GEIR... are considered a plus.

Please note: The job title used in this advertisement may differ from the official contractual title.

#IamBoehringerIngelheim because...

We are continuously working to design the best experience for you. Here are some examples of how we will take care of you:

• Flexible working conditions
• Life and accident insurance
• Health insurance at a competitive price
• Investment in your learning and development
• Gym membership discounts

If you have read this far, what are you waiting for to apply? We want to know more about you!