Information Security Specialist

Hornetsecurity keeps businesses around the world safe - and now we’re looking for someone in Hannover (List) who’s just as passionate about security as we are. As an Information Security Specialist (m/f/d), you’ll design, build, and strengthen the defenses that thousands of organizations rely on every day. Ready to take on meaningful challenges in a team that moves fast and builds smart? Let’s go.

Your Job

You Lead security projects

• Own end-to-end delivery of security initiatives: from scoping and risk assessment to rollout and sign-off.
• Embed security requirements in product/IT projects (design reviews, threat modeling, test plans).
• Keep stakeholders aligned and the backlog moving—timelines, deliverables, budgets, and RAID logs.

You run technical audits

• Plan and execute technical security audits across network, endpoint, application, and cloud.
• Coordinate and/or perform vulnerability assessments and penetration tests (internal & third-party).
• Produce crisp findings, prioritized remediation plans, and track closure to “done.”

You support SecOps

• Partner with SOC: review SIEM alerts, refine detections/use cases, and help with playbooks.
• Assist incident response: triage → investigate → contain → eradicate → lessons learned.
• Strengthen hygiene: hardening, access governance, logging, and patch cadence.

You keep us compliant & aware

• Contribute to ISO 27001 controls and readiness (policy updates, SoA evidence, internal audits).
• Support GDPR in projects (privacy by design, DPIAs, data minimization, breach procedures).
• Champion secure-by-default habits with training and lightweight enablement sessions.

Your Profile

• You hold a Master’s degree or engineering diploma in IT, computer science, or cybersecurity.
• You bring around 3 years of relevant professional experience.

Must-Have Skills & Qualifications:

• First experience in auditing technical systems (configuration, architecture…).
• Hands-on with audit tooling and translating results into actionable engineering tasks.
• Understanding of usual technologies and architectures used in business.
• Technical writing and the ability to explain complex topics simply.
• Comfortable running risk assessments and translating policy/control language into practical steps.
• Clear communicator who can brief execs and coach engineers—with strong documentation skills.
• Strong command of written and spoken English and German/French; additional languages are a plus.
• Proactiveness and solution-oriented mindset.

Nice-to-Have Skills / Added Advantage:

• ISO 27001 Lead Auditor/Implementer.
• CISSP/CISM.
• OSCP.
• PMP/Prince2.
• NIST / CIS control matrix.

Technology / Tools Knowledge:

• Knowledge of security standards (ISO 27001, NIST CSF, CIS Controls, OWASP (Top 10, ASVS), GDPR) and Development Methodologies (DevsecOps, Agile).
• SIEM/SOAR (e.g., Sentinel, Splunk), EDR/XDR, vulnerability management (Qualys/Nessus), SAST/DAST.
• Cloud security (Azure/AWS/GCP), containers/K8s, identity (SSO/MFA/FIDO2), modern auth patterns.
• GRC Tool management and automation to simplify our compliance process.
• ITIL V4 level (start with foundation).

Your Benefits

• Be part of a growing global company in one of the most dynamic industries – cybersecurity.
• Short decision paths and flat hierarchies in an open work atmosphere.
• Personal and professional development opportunities.
• Unlimited contracts – we’re looking for hornets to grow long-term with us.
• Temporary Employee Exchange Program – we provide the ability for you to work at our global office locations and explore the world (e.g. Malta, Madrid, Montréal, Washington D.C.).
• Home-Office Option (hybrid) and flexible, trust-based working time.
• Team events like Laser Tag, Escape Room or nights out together – let yourself be surprised.
• Be-Active Bonus – we’ll keep you healthy with an allowance for your membership in fitness and sports clubs.
• Referral Bonus: we pay 1500€ for each referral who is successfully hired by us!