Job description details
Intro
Hornetsecurity keeps businesses around the world safe - and now we’re looking for someone in Hannover (List) who’s just as passionate about security as we are.
As an Information Security Specialist (m/f/d), you’ll design, build, and strengthen the defenses that thousands of organizations rely on every day. Ready to take on meaningful challenges in a team that moves fast and builds smart? Let’s go.
Your Job
You lead security projects:
* Own end-to-end delivery of security initiatives: from scoping and risk assessment to rollout and sign-off.
* Embed security requirements in product/IT projects (design reviews, threat modeling, test plans).
* Keep stakeholders aligned and the backlog moving - timelines, deliverables, budgets, and RAID logs.
You run technical audits:
* Plan and execute technical security audits across network, endpoint, application, and cloud environments.
* Coordinate and/or perform vulnerability assessments and penetration tests (internal & third-party).
* Produce clear findings, prioritized remediation plans, and track closure to completion.
You support SecOps:
* Partner with SOC: review SIEM alerts, refine detections and use cases, and assist with playbooks.
* Support incident response: triage → investigate → contain → eradicate → lessons learned.
* Strengthen operational hygiene: hardening, access governance, logging, and patch cadence.
You keep us compliant & aware:
* Contribute to ISO 27001 controls and readiness (policy updates, SoA evidence, internal audits).
* Support GDPR compliance (privacy by design, DPIAs, data minimization, breach procedures).
* Promote “secure by default” habits through training and enablement sessions.
Your Profile
* You hold a Master’s degree or engineering diploma in IT, computer science, or cybersecurity.
* You bring around 3 years of relevant professional experience.
Must-Have Skills & Qualifications:
* Initial experience auditing technical systems (configuration, architecture, etc.).
* Hands-on experience with audit tooling and translating results into actionable engineering tasks.
* Understanding of common technologies and architectures used in business environments.
* Strong technical writing ability and skill in explaining complex topics simply.
* Comfortable running risk assessments and translating policy/control language into practical steps.
* Clear communicator able to brief executives and coach engineers.
* Strong documentation skills.
* Strong command of written and spoken English and German/French (additional languages are a plus).
* Proactive and solution-oriented mindset.
Nice-to-Have Skills:
* ISO 27001 Lead Auditor / Implementer.
* CISSP / CISM.
* OSCP.
* PMP / Prince2.
* Familiarity with NIST / CIS control frameworks.
Technology / Tools Knowledge:
* Security standards (ISO 27001, NIST CSF, CIS Controls, OWASP Top 10 / ASVS, GDPR) and DevSecOps/Agile methodologies.
* SIEM/SOAR (e.g., Sentinel, Splunk), EDR/XDR, vulnerability management (Qualys/Nessus), SAST/DAST.
* Cloud security (Azure/AWS/GCP), containers/Kubernetes, identity systems (SSO/MFA/FIDO2), modern authentication patterns.
* GRC tool management and automation.
* ITIL V4 (Foundation).
Your Benefits
* Be part of a growing global company in one of the most dynamic industries - cybersecurity.
* Short decision paths and flat hierarchies in an open working atmosphere.
* Personal and professional development opportunities.
* Permanent contracts - we’re looking for hornets to grow long-term with us.
* Temporary Employee Exchange Program - opportunity to work at global office locations (e.g. Malta, Madrid, Montréal, Washington D.C.).
* Home-office option (hybrid) and flexible, trust-based working time.
* Team events like Laser Tag, Escape Rooms, or nights out together.
* Be-Active Bonus - allowance for fitness and sports club memberships.
* Referral Bonus - 1500€ for each successful referral.