Operate and refine the CSIRT's playbooks, runbooks, and escalation matrix for all cybersecurity domains (network, endpoint, cloud, embedded, and supply chain). Coordinate with the Joint Operations Centre (JOC), Threat-Intelligence, Vulnerability Team, and external partners to ensure a unified, rapid response. Participate in tabletop exercises, red‑team/blue‑team drills, and periodic reviews of the CSIRT program to keep it aligned with industry best‑practice frameworks. Perform analysis of computers /servers activity, memory dumps, disk images, network packet captures, and log correlation to identify attacker techniques, persistence mechanisms, and data exfiltration paths. Evaluate new CSIRT tools (SOAR, threat‑intel platforms), recommend upgrades, and integrate them into existing workflows. Deliver incident updates to executive management, product teams, and external regulators; coordinate legal and PR responses when required. Ensure incident handling meets GDPR, NIST, and relevant internal compliance requirements. Bachelor's degree in Information Security / Cyber Security, or any equivalent academic background. At least 5 years of related working experience in cyber‑security incident response, CSIRT, or SOC leadership roles. Proven track record handling large‑scale, multi‑vector incidents (APT, ransomware, supply‑chain, insider threats). Deep knowledge of the OSI model, TCP/IP, Windows/Linux, cloud (AWS, Azure), VPN, DNS, DHCP, etc. Hands‑on and practical experience with SIEM systems, and EDR (CrowdStrike, MS-ATP) Experience with any of CQL, Kusto, Lucene / KQL syntax Scripting: PowerShell, Python, Bash as a plus Familiarity with forensic tools (X-ways Autopsy, Axiom) and network capture (Wireshark, Zeek) as a plus Security‑intelligence or incident‑response certifications (e.g., SANS SEC600, EC-Council CEH) are a plus. Clear written and verbal communication; skilled at producing concise technical reports. Proven ability to collaborate across distributed, cross‑functional teams. We are on a journey to create the best Infineon for everyone. This means we embrace diversity and inclusion and welcome everyone for who they are. At Infineon, we offer a working environment characterized by trust, openness, respect and tolerance and are committed to give all applicants and employees equal opportunities. We base our recruiting decisions on the applicant´s experience and skills. Please let your recruiter know if they need to pay special attention to something in order to enable your participation in the interview process.
