Senior Incident Responder im Security Operations Center (SOC)

The German Pension Insurance Federation is the largest German pension insurance company and thus a cornerstone of social security in Germany. We accompany people all their lives – from start of work to retirement age. 24.2 million insured persons, 10.8 million pensioners and 3.5 million employers rely on us. For the Security Operations Center, we are looking for a*n Senior Incident Responder at Security Operations Center (SOC) Location: Berlin or Würzburg Date of entry: Immediate Application deadline: 10.05.2026 Call number: 16-016-2026 Employment: Full time (part time is possible in principle) Remuneration: E12 TV EntgO-DRV Activity

The Division 16 'Enterprise Security' of the DRV Bund is responsible for IT and physical security, the protection of personal data, the protection of privacy and emergency management. Our Security Operations Center (SOC) is the central unit for the operational IT security of the DRV Bund and affiliated organisations.

Within the SOC, the Incident Response Team acts as a specialized unit: It takes over the analysis and containment of security incidents, coordinates forensic investigations and ensures that we react quickly and effectively in critical situations.

To strengthen our team, we are looking for a Senior Incident Responder (DFIR), who analyzes cyber attacks, coordinates Incident Response processes and actively contributes to the further development of our security measures.

Guide, conduct and coordinate incident-response processes, from analysis to containment and elimination of security incidents in cooperation with internal and external teams (for example CERTs, IT-operating, IT-Forensics). Secure data carriers and information for transfer to the Forensics service provider Working with the optimization of SIEM and EDR-Use-Cases to improve attack detection. Create Playbooks & Incident Response Plans to standardize operations for quick and efficient response to security incidents. Investigate malware to derive defense from malware analysis & reverse engineering

A completed university education (Bachelor, Diploma) in the IT sector or an equivalent qualification, for example due to an IT-specific qualification or completed vocational training in the IT sector with relevant, tasks-relevant professional experience Multiannual experience in at least one of the tasks of Incident Response, Digital Forensics, Threat Intelligence, Threat Hunting Knowledge of network technologies, operating systems (Windows/Linux), security protocols and attack vectors (MITRE ATT&CK, Cyber Kill Chain). Experience with SIEM, EDR and Forensics tools. Basic knowledge of scripting/automatization (for example in Python, JavaScript, PowerShell, Bash) for incident response optimization. Experience in reverse engineering or malware analysis or Threat Hunting is beneficial. Understanding APT tactics, Red Teaming or Penetration Testing desirable. Certifications such as GCFA, GCIH, OSCP, CISSP or similar are advantageous. German language skills in word and writing Good English knowledge of word and writing Embossed communication strength, coordination skills as well as an independent and self-organized procedure complete your profile

Exciting challenges in the field of Incident Response with all the benefits of a large public employer Sensual work and contributions to the security of a critical infrastructure Work with state-of-the-art security technology in a professional SOC environment as well as the possibility of training and certification (for example SANS, GIAC, Offensive Security). Family-friendly, flexible and service-oriented working time models, the possibility to work up to 100% in the home office, complemented by our service offers and cooperation partners for the reconciliation of work & family The health of our employees is important to us. We support the integration of occupational health management into working life