Information Security Specialist – Germany

Job description details

Intro

Hornetsecurity keeps businesses around the world safe — and now we’re looking for someone in Hannover (List) who’s just as passionate about security as we are.

As an Information Security Specialist (m/f/d), you’ll design, build, and strengthen the defenses that thousands of organizations rely on every day. Ready to take on meaningful challenges in a team that moves fast and builds smart? Let’s go.

Your Job

You lead security projects:

• Own end-to-end delivery of security initiatives: from scoping and risk assessment to rollout and sign-off.
• Embed security requirements in product/IT projects (design reviews, threat modeling, test plans).
• Keep stakeholders aligned and the backlog moving — timelines, deliverables, budgets, and RAID logs.

You run technical audits:

• Plan and execute technical security audits across network, endpoint, application, and cloud environments.
• Coordinate and/or perform vulnerability assessments and penetration tests (internal & third-party).
• Produce clear findings, prioritized remediation plans, and track closure to completion.

You support SecOps:

• Partner with SOC: review SIEM alerts, refine detections and use cases, and assist with playbooks.
• Support incident response: triage → investigate → contain → eradicate → lessons learned.
• Strengthen operational hygiene: hardening, access governance, logging, and patch cadence.

You keep us compliant & aware:

• Contribute to ISO 27001 controls and readiness (policy updates, SoA evidence, internal audits).
• Support GDPR compliance (privacy by design, DPIAs, data minimization, breach procedures).
• Promote “secure by default” habits through training and enablement sessions.

Your Profile

• You hold a Master’s degree or engineering diploma in IT, computer science, or cybersecurity.
• You bring around 3 years of relevant professional experience.

Must-Have Skills & Qualifications:

• First experience auditing technical systems (configuration, architecture, etc.).
• Hands-on experience with audit tooling and translating results into actionable engineering tasks.
• Understanding of common technologies and architectures used in business environments.
• Strong technical writing ability and skill in explaining complex topics simply.
• Comfortable running risk assessments and translating policy/control language into practical steps.
• Clear communicator able to brief executives and coach engineers.
• Strong documentation skills.
• Strong command of written and spoken English and German/French (additional languages are a plus).
• Proactive and solution-oriented mindset.

Nice-to-Have Skills:

• ISO 27001 Lead Auditor / Implementer.
• CISSP / CISM.
• OSCP.
• PMP / Prince2.
• Familiarity with NIST / CIS control frameworks.

Technology / Tools Knowledge:

• Security standards (ISO 27001, NIST CSF, CIS Controls, OWASP Top 10 / ASVS, GDPR) and DevSecOps/Agile methodologies.
• SIEM/SOAR (e.g., Sentinel, Splunk), EDR/XDR, vulnerability management (Qualys/Nessus), SAST/DAST.
• Cloud security (Azure/AWS/GCP), containers/Kubernetes, identity systems (SSO/MFA/FIDO2), modern authentication patterns.
• GRC tool management and automation.
• ITIL V4 (Foundation).

Your Benefits

• Be part of a growing global company in one of the most dynamic industries — cybersecurity.
• Short decision paths and flat hierarchies in an open working atmosphere.
• Personal and professional development opportunities.
• Unlimited contracts — we’re looking for hornets to grow long-term with us.
• Temporary Employee Exchange Program — opportunity to work at global office locations (e.g. Malta, Madrid, Montréal, Washington D.C.).
• Home-office option (hybrid) and flexible, trust-based working time.
• Team events like Laser Tag, Escape Rooms, or nights out together.
• Be-Active Bonus — allowance for fitness and sports club memberships.
• Referral Bonus — 1500€ for each successful referral.