Senior Cyber Security Engineer - remote

Freelance Position | Cologne, Germany - €700-900 per day

Job Overview

We are seeking an experienced Cyber Defense Consultant for a freelance engagement based in Cologne, Germany to provide hands-on technical expertise for our client in their cyber security operations. This is a technical security engineering role requiring deep expertise in incident response, threat detection, vulnerability management, and defensive security operations. You will be directly investigating security incidents, performing forensic analysis, conducting vulnerability assessments, and working hands-on with security tools and systems. This freelance position requires an experienced engineer who can hit the ground running, provide immediate technical value, and deliver professional consulting services in defending against complex security threats.

Key Responsibilities

Hands-On Incident Response & Investigation

• Directly investigate and respond to security incidents from detection through containment and remediation
• Perform forensic analysis on compromised systems, including memory dumps, disk images, and log analysis
• Perform root cause analysis and document technical findings for post-incident reports
• Engage directly with affected systems to contain threats and recover from incidents

Security Tools & Platform Engineering

• Handson configuration and optimization of Microsoft Defender suite (Endpoint, Office 365, Identity, Cloud Apps)
• Build and tune detection rules, hunting queries, and automated response workflows
• Integrate security tools and orchestrate automated response capabilities
• Troubleshoot technical issues with security infrastructure and monitoring tools
• Test and validate security controls and detection capabilities

Vulnerability Assessment & Testing

• Perform hands-on vulnerability scanning and assessment across infrastructure and applications
• Conduct penetration testing exercises to identify security weaknesses
• Work directly with technical teams to validate and test remediation efforts
• Maintain and configure vulnerability scanning tools and assessment platforms

SOC Provider & Technical Coordination

• Work directly with external SOC analysts during incident investigations
• Provide technical guidance and escalation support for complex security events
• Review and validate alerts and findings from SOC providers
• Collaborate on tuning detection rules and reducing false positives
• Participate in technical reviews of SOC performance and capabilities
• Share threat intelligence and technical indicators with SOC partners

Essential Requirements

Technical Experience

• Minimum 5 years of hands-on technical cyber security experience
• Proven track record of directly investigating and responding to complex security incidents
• Hands-on experience performing vulnerability assessments and penetration testing
• Practical experience working with external SOC providers at a technical level
• Extensive hands-on experience with Microsoft Defender platform (Endpoint, Office 365, Identity, Cloud Apps)
• Demonstrated ability to work independently and integrate quickly into new client environments
• Previous freelance or consulting experience in similar technical roles

Language Requirements

• German language skills preferred
• English (written and spoken) - required

Consulting Skills & Attributes

• Hands-on, technical problem-solver who enjoys working directly with systems and tools
• Ability to work independently during security incidents and make technical decisions under pressure
• Self-starter who can quickly adapt to new client environments and toolsets
• Strong client-facing skills and ability to communicate technical findings effectively to stakeholders
• Strong analytical mindset with attention to detail in technical investigations
• Ability to provide strategic security recommendations alongside technical implementation

Desirable

• Banking or financial services sector experience - hands-on experience with financial sector threats, fraud investigations, and regulatory incident response
• Experience with SOAR platforms and security automation development
• Background in offensive security or red team operations

Freelance Engagement Details

• Engagement Type: Freelance contract (Freiberufler)
• Location: Cologne, Germany (Köln)
• Duration: 12 months
• Start date: March 2026
• Business registration: Must be registered as Freiberufler or through own company (GmbH/UG)