About us:

At IONOS, you will work in partnership with different teams at the leading European provider of sovereign cloud infrastructure, cloud services and hosting services. We offer you a perspective in one of the most future-proof industries. We are characterised by open work structures, a first-name culture and flat hierarchies with an incomparable team spirit. We are firmly convinced that job and fun are compatible and offer the appropriate environment for this. With constant growth, we are always looking for new colleagues. Become part of IONOS and let's grow together.

Main responsibilities:

• Operationalizing Threat Intelligence: Transform raw intelligence into actionable defense by integrating high-fidelity indicators and TTPs into our detection and response pipelines;
• Proactive Threat Hunting: Design and execute hypothesis-driven hunting campaigns across our cloud and hosting infrastructure to uncover sophisticated adversaries that bypass automated controls;
• Security Incident Management: Lead the end-to-end lifecycle of security incidents, from initial detection and containment to deep-dive post-mortem analysis and remediation tracking. 

Your main tasks include:

• Intelligence Infrastructure Engineering: Architect, deploy, and maintain our OpenCTI ecosystem, ensuring seamless integration with SIEM, IDS, and EDR platforms for automated threat enrichment;
• Intelligence Lifecycle Management: Manage the collection, normalization, and enrichment of threat data within OpenCTI, providing a "single source of truth" for our company;
• Strategic Threat Assessment: Constantly evaluate the global threat landscape (e.g., zero-days, supply chain attacks) and perform impact assessments to determine how IONOS infrastructure and KRITIS-regulated assets are affected;
• Incident Response Leadership: Act as the primary technical lead during high-severity incidents, coordinating with DevSecOps teams to implement rapid containment and recovery strategies.

This is what we wish for:

The basis for this challenging position is in-depth experience in the field of information security.
You also have the intrinsic motivation and passion to keep your knowledge up to date.

• In-depth Security Expertise: You have extensive experience in Incident Response and Threat Intelligence, preferably within high-scale cloud or ISP environments;
• Technical Proficiency: You are fluent in at least one programming language (ideally Python) for automation and have hands-on experience with modern virtual machines and container orchestration (Kubernetes/Docker);
• Framework Mastery: You have a deep understanding of the MITRE ATT&CK framework, and the Cyber Kill Chain, and you know how to apply them to real-world investigations;
• Regulated Environment Experience: You are comfortable prioritizing vulnerabilities and risks within certified frameworks such as KRITIS, NIS2, or ISO 27001;
• Crisis Leadership: You are a true team player who leads by example, staying calm and decisive when managing stakeholders during high-pressure, time-sensitive security incidents;
• Analytical Mindset: You possess strong problem-solving skills and the ability to translate complex technical findings into clear, actionable reports for both technical and non-technical audiences. 

What we offer:

• Access to local/international trainings, development and growth opportunities, including access to e-learning platforms, covering both technical and soft skills areas;
• Modern technologies, product responsibility;
• Flexible work schedule;
• Hybrid work option;
• Medical services package from one of two private providers;
• 25 vacation days per year;
• Substitute days off for public holidays that occur on the weekend;
• Meal tickets;
• Internal referral program;
• Team events, networking events organized to promote a passionate, creative and diverse culture;
• Summerfest and Winterfest parties;
• Of course, coffee, soft drinks and fresh fruits are on us in the office.

Job info

Location: Bucharest
Type:  | 
Category: IT Software Development
Reference ID: 1394