Job Drop Berlin

Detection & Response Lead

Company: MOIA
Seniority: Senior
Model: Remote
Sector: Consumer
Salary: Undisclosed
Contract: Full-Time

About the role

As a (Senior) Detection & Response Lead, you will take end-to-end ownership of MOIA's detection and response capability. You combine hands-on security engineering with strong incident leadership and the ability to turn ambiguous risks into practical, scalable operations. This is a senior individual contributor role with high visibility and a clear path to shaping a dedicated team as the function matures.

What you'll do

  • Build MOIA's Security Operations Center capability, including scope, operating model, responsibilities, escalation paths, and success metrics.
  • Own the SIEM strategy and implementation, including log source prioritization, data quality, detection logic, alert workflows and long-term maintainability.
  • Develop threat-informed detections across cloud, application, identity, endpoint, CI/CD and infrastructure environments.
  • Create and continuously improve incident response playbooks, triage processes, investigation workflows and post-incident learning.
  • Lead security investigations and coordinate response activities with engineering, platform, IT, legal, privacy and communication stakeholders when needed.
  • Define how MOIA measures detection and response maturity, including coverage, signal quality, false positives, MTTD and MTTR.
  • Evaluate and steer security tooling and external partners where they help us move faster or operate more reliably.

What you'll need

  • Several years of experience in security operations, detection engineering, incident response, cloud security or a similar security engineering role.
  • Hands-on experience building or significantly maturing SOC, SIEM or incident response capabilities.
  • Strong understanding of SIEM platforms and log pipelines, such as Splunk, Elastic, Microsoft Sentinel, Chronicle, Datadog or similar.
  • Experience writing detection rules, correlation logic and investigation queries using languages such as KQL, SPL, SQL, Sigma or equivalent.
  • Solid knowledge of cloud-native environments, ideally AWS, Kubernetes, serverless architectures, IAM and CI/CD security.
  • Ability to lead incidents calmly, communicate clearly under pressure and bring technical and non-technical stakeholders together.

Nice to have

  • Experience with SOAR, detection-as-code, security data lakes or scalable log retention strategies.
  • Background in AppSec, product security, cloud forensics or vulnerability management.
  • Experience in regulated, mobility, automotive or safety-critical environments.

What they offer

  • Competitive salary including bonus
  • Hybrid work setup with flexibility to work from home or offices
  • 30 vacation days, sabbatical and unpaid leave option
  • Subsidized public transport ticket and MOIA ride discounts
  • Learning environment with continuous learning days, trainings, conferences and coaching
  • Mental health support and relocation assistance