Annapurna
Head of Cyber Defense
Annapurna | Germany | 12 hours ago
Full-time | Remote Friendly | Information Technology

Location: Greater Munich Area (Hybrid)


Annapurna are seeking an experienced Cyber Defense Lead to strengthen global security operations and help shape the future of their cyber resilience strategy. This role combines hands-on technical expertise with strategic oversight of managed detection and response (MDR) operations and internal SOC processes. You’ll be instrumental in driving continuous improvement in threat detection, incident response, and proactive defense across IT and OT environments.


Key Responsibilities:

  • Serve as the primary point of contact for our Managed Detection and Response (MDR) partner, managing day-to-day operations, service delivery, and escalations.
  • Review, analyze, and validate security alerts and incidents to ensure timely and effective response.
  • Continuously refine and improve detection, containment, and response procedures.
  • Develop and maintain SOC documentation, including playbooks, workflows, and operational runbooks.
  • Lead initial triage and coordination of security incidents, ensuring smooth handover to technical or business stakeholders.
  • Conduct post-incident reviews and debriefs to capture lessons learned and enhance response maturity.
  • Manage and optimize SIEM/SOAR configurations, integrations, and detection use cases.
  • Define KPIs, metrics, and performance reports to measure and improve SOC effectiveness.
  • Collaborate closely with IT, OT, and business units to expand monitoring coverage and threat visibility.
  • Support the CISO in defining the roadmap for an evolving internal SOC capability.
  • Mentor junior analysts and contribute to building a high-performing cyber defense team.


Your Profile:

  • Degree in Computer Science, Information Security, or a related field—or equivalent professional experience.
  • Advanced knowledge of SIEM, SOAR, EDR/XDR, and vulnerability management tools.
  • Solid understanding of attack techniques (MITRE ATT&CK framework), threat intelligence, and modern defense strategies.
  • Minimum of five years’ experience in Security Operations, Incident Response, or Cyber Defense.
  • Proven track record of working with MDR or SOC service providers.
  • Strong hands-on experience in incident analysis, containment, and remediation.
  • Ability to author and refine detection rules and operational playbooks.
  • Relevant certifications such as GCIH, GCIA, GCFA, OSCP, or similar are a plus.
  • Excellent communication skills in German and English.
