Information Security Specialist – Germany

Hornetsecurity keeps businesses around the world safe — and now we’re looking for someone in Hannover (List) who’s just as passionate about security as we are.

As an Information Security Specialist (m/f/d), you’ll design, build, and strengthen the defenses that thousands of organizations rely on every day. Ready to take on meaningful challenges in a team that moves fast and builds smart? Let’s go.

• Own end-to-end delivery of security initiatives: from scoping and risk assessment to rollout and sign-off.
• Embed security requirements in product/IT projects (design reviews, threat modeling, test plans).
• Keep stakeholders aligned and the backlog moving — timelines, deliverables, budgets, and RAID logs.
• Plan and execute technical security audits across network, endpoint, application, and cloud environments.
• Coordinate and/or perform vulnerability assessments and penetration tests (internal & third-party).
• Produce clear findings, prioritized remediation plans, and track closure to completion.

• Partner with SOC: review SIEM alerts, refine detections and use cases, and assist with playbooks.
• Strengthen operational hygiene: hardening, access governance, logging, and patch cadence.

• Contribute to ISO 27001 controls and readiness (policy updates, SoA evidence, internal audits).
• Support GDPR compliance (privacy by design, DPIAs, data minimization, breach procedures).
• Promote “secure by default” habits through training and enablement sessions.

• You hold a Master’s degree or engineering diploma in IT, computer science, or cybersecurity.
• You bring around 3 years of relevant professional experience.

• First experience auditing technical systems (configuration, architecture, etc.).
• Hands‑on experience with audit tooling and translating results into actionable engineering tasks.
• Understanding of common technologies and architectures used in business environments.
• Strong technical writing ability and skill in explaining complex topics simply.
• Comfortable running risk assessments and translating policy/control language into practical steps.
• Clear communicator able to brief executives and coach engineers.
• Strong command of written and spoken English and German/French (additional languages are a plus).
• Proactive and solution‑oriented mindset.

• CISSP / CISM.
• OSCP.
• PMP / Prince2.
• Familiarity with NIST / CIS control frameworks.

• Security standards (ISO 27001, NIST CSF, CIS Controls, OWASP Top 10 / ASVS, GDPR) and DevSecOps/Agile methodologies.
• SIEM/SOAR (e.g., Sentinel, Splunk), EDR/XDR, vulnerability management (Qualys/Nessus), SAST/DAST.
• Cloud security (Azure/AWS/GCP), containers/Kubernetes, identity systems (SSO/MFA/FIDO2), modern authentication patterns.
• GRC tool management and automation.
• ITIL V4 (Foundation).