Zum Inhalt springen
English

Cybersecurity Engineer (m/w/d)

  • On-site, Remote, Hybrid
    • Germany-Remote, Bayern, Germany
    • Vienna, Wien, Austria
    • Innsbruck, Tirol, Austria
    • München, Bayern, Germany
    • Berlin, Berlin, Germany
    +4 more
  • Machine Learning Security

Job description

Company Overview:

At Machine Learning Reply, we provide cutting-edge consulting services at the intersection of AI and cybersecurity. Our team of experts helps businesses protect their AI-driven systems, data pipelines, and cloud infrastructures from evolving security threats. We are passionate about making AI safer, more ethical, and more resilient for companies across industries. As we continue to expand, we’re looking for a skilled Cybersecurity Engineer to join our consulting team and deliver security solutions to our clients.


Job Description:

We are seeking an experienced Cybersecurity Engineer to work closely with our clients on implementing, managing, and enhancing their security strategies. As a Cybersecurity Engineer at our consulting firm, you will assess client environments, design robust security solutions, and support security incident response efforts. This role requires a solid understanding of security fundamentals, hands-on experience with security tools, and the ability to communicate complex security concepts to a variety of stakeholders.


Responsibilities:

  • Conduct security assessments and vulnerability scans to identify and mitigate risks across client infrastructures.
  • Design, implement, and manage network security architecture including firewalls, VPNs, and intrusion detection/prevention systems.
  • Work with client teams to monitor and analyze security events, providing rapid response to potential threats and incidents.
  • Develop and implement endpoint and application security measures to prevent unauthorized access and mitigate potential threats.
  • Implement identity and access management (IAM) solutions, ensuring secure access to critical systems and data.
  • Advise clients on regulatory compliance (e.g., GDPR, CCPA, HIPAA, PCI-DSS), helping them meet security standards and implement best practices.
  • Conduct penetration testing and red teaming exercises to identify vulnerabilities and recommend remediation strategies.
  • Automate security processes and build scripts to improve efficiency and reduce human error.
  • Collaborate with clients’ IT and DevOps teams to integrate security into the SDLC (Secure Development Lifecycle) for continuous security assurance.
  • Educate and train client teams on cybersecurity best practices, ensuring a culture of security awareness across client organizations.

Job requirements

Qualifications:

Education:

  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science, or related fields.
  • Security certifications such as CISSP, CEH, CompTIA Security+, OSCP, or CISM are highly preferred.

Experience:

  • 3+ years of experience in cybersecurity engineering, with proven experience in network security, vulnerability management, and incident response.
  • Hands-on experience working in a consulting environment is a plus.
  • Strong background in infrastructure security and application security, with experience securing both on-premises and cloud environments.
  • AWS or Azure cloud knowledge and certifications in the relevant security domain 
  • Familiarity with regulatory frameworks such as NIST, ISO 27001, and CIS Benchmarks.

Useful Skills:

  1. Core Cybersecurity Skills:
    • Deep understanding of network security principles, including firewalls, VPNs, IDS/IPS, and data loss prevention (DLP).
    • Experience in threat modeling, vulnerability assessment, and penetration testing.
    • Knowledge of encryption and cryptographic protocols to ensure data integrity and confidentiality.
    • Proficiency in web application security, securing APIs, and mitigating common vulnerabilities (e.g., OWASP Top 10).
    • Expertise in IAM (Identity and Access Management), including single sign-on (SSO) and multi-factor authentication (MFA).
  2. Incident Response & Threat Intelligence:
    • Hands-on experience in security incident management: analyzing incidents, mitigating impact, and conducting root cause analyses.
    • Proficiency in SIEM (Security Information and Event Management) tools, such as Splunk, QRadar, or ELK Stack, for monitoring, detection, and response.
    • Knowledge of threat intelligence tools and resources to stay updated on the latest threat vectors, malware, and cyberattack trends.
  3. Security Automation & Scripting:
    • Proficiency in scripting languages such as Python, Bash, or PowerShell to automate security monitoring and response activities.
    • Experience in automating vulnerability scans, monitoring tools, and security reporting.
    • Knowledge of DevSecOps principles and experience with integrating security tools into CI/CD pipelines (e.g., Jenkins, GitLab).
  4. Compliance & Governance:
    • Familiarity with compliance standards and frameworks (e.g., GDPR, HIPAA, PCI-DSS) and the ability to implement controls that meet regulatory requirements.
    • Experience in audit preparation and compliance assessments to help clients achieve and maintain certification.
    • Knowledge of Zero Trust architecture principles for modern, boundaryless security models.
  5. Soft Skills & Consulting:
    • Excellent communication skills, capable of translating complex security concepts for both technical and non-technical audiences.
    • Strong interpersonal skills with a client-first approach in delivering tailored security solutions.
    • Proven project management skills and the ability to manage multiple client engagements.
    • Strong analytical and problem-solving skills, with a proactive approach to mitigating and managing security risks.

Technologies:

  • Network Security:
    • Expertise with firewalls (e.g., Palo Alto, Cisco ASA), VPNs, and IDS/IPS (e.g., Snort, Suricata).
    • Experience with Web Application Firewalls (WAFs) and Content Delivery Networks (CDNs) for application security.
  • Endpoint Security:
    • Proficiency in endpoint detection and response (EDR) tools like CrowdStrike, Carbon Black, or Microsoft Defender for Endpoint.
    • Experience with antivirus and malware protection solutions and managing enterprise-level endpoint security.
  • SIEM and Monitoring:
    • Hands-on experience with SIEM tools like Splunk, QRadar, and ELK Stack for monitoring and analyzing security events.
    • Familiarity with cloud-native monitoring tools (e.g., AWS CloudTrail, Azure Sentinel) for cloud security.
  • Automation & Scripting:
    • Proficiency in scripting languages like Python, Bash, PowerShell for task automation.
    • Experience with Ansible or Puppet for infrastructure automation, as well as Terraform or CloudFormationfor Infrastructure as Code (IaC).
  • Penetration Testing Tools:
    • Familiarity with tools like Metasploit, Nmap, Burp Suite, and Nessus for vulnerability assessments and penetration testing.
    • Experience with Red Team/Blue Team exercises to assess organizational security.
  • Compliance & Reporting:
    • Experience with GRC (Governance, Risk Management, and Compliance) platforms like Archer, ServiceNow, or OpenPages.
    • Familiarity with data privacy laws and standards (GDPR, CCPA, HIPAA) and how they impact security design and reporting.

Bonus Skills:

  • Understanding and expertise on the EU AI Act
  • Familiarity with zero-trust architectures for AI systems.

  • Understanding of artificial intelligence and machine learning security implications.

Perks and Benefits:

  • Opportunity to work with diverse clients across multiple industries.
  • Competitive salary and performance bonuses.
  • Choice of the hardware between MacBooks/Windows and iPhones/Android.
  • Access to cutting-edge AI security technologies.
  • Professional development and continuous learning opportunities.
  • Flexible work arrangements.


or