Security Incident Manager

The Senior Security Incident Responder (m/f/d) leads the investigation and resolution of high-severity cybersecurity incidents. They are the first line of defense during active attacks and play a vital role in incident lifecycle management—from detection to recovery and root cause analysis.  LOCATION: Please note that the working location for this position will be in Madrid city,where we are currently setting up a new office location. Until the office is fully set-up within the next few months, you will have the possibility to work flexibly from home-office and continue with a hybrid working model afterwards. This position is not a fully remote position, and an onsite presence will be required once our office location is ready.  Please kindly note that will be unable to respond to applications between 22 December 2025 and 6 January 2026 (both inclusive) due to limited availability during the holiday season.Thank you for your understanding.  Creating passion: your responsibilities Incident Response: Coordinating and executing the response to security incidents, including containment, eradication, and support in recovery efforts Digital Forensics: Conduct digital forensics investigations to analyze compromised systems, gather evidence, and identify the scope and impact of security incident Threat Analysis & Reporting: Correlate logs, alerts, and IOCs to identify root causes and attack paths, Create detailed incident reports and executive summaries and Conduct lessons-learned sessions and recommend preventive measures Documentation: Maintain detailed records of incident response activities, findings, and lessons learned to support post-incident reviews and reporting Collaboration: Work closely with other members of the SOC/CERT team and cross-functional teams to ensure a comprehensive approach to incident management Monitoring and Detection: Monitoring security alerts and events to identify potential incidents and escalate them as necessary Continuous Improvement: Contribute to the development and refinement of incident response processes, tools, and techniques based on experience and emerging threats Contributing your strengths: your qualifications Bachelor’s/Master’s in Cybersecurity, Computer Science, or related field 6+ years in cybersecurity, ideally as Security Incident Responder Proficiency in digital forensics tools and techniques (e.g. EZ Tools, Velociraptor, Autopsy) Hands-on knowledge of SIEM, and security analytics tools (e.g. Microsoft Sentinel, Microsoft Defender XDR, Elastic SIEM) Experience in security incident handling, digital forensics, or a related role English is a must, German and French are a plus Understanding of cybersecurity frameworks and standards (e.g. ISO27001, NIST, GDPR) Strong analytical and problem-solving skills Following certificates are a plus: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Cloud certifications (AWS, Azure, or GCP) Our commitment to you: your benefits At Liebherr, we believe people are at the heart of our success. As part of our international team, you’ll enjoy a secure role in a family-owned company that values innovation, collaboration, and long-term career growth:  Competitive compensation and benefits package that recognizes your expertise Flexible and hybrid working model Creative freedom and responsibility to shape processes and solutions in our global transformation Continuous learning and development with tailored training and certification opportunities Meal vouchers Life and accident insurance Option to include a premium private health insurance package as part of the flexible remuneration A safe, stable and international workplace within a trusted family business that invests in people Please only use the online application option. Please note that we do not accept applications via recruitment agencies for this position.