Sonnen

We are looking for a Cybersecurity Engineer who can turn security findings and risk exposure into coordinated, measurable action across Corporate IT. This role is central to strengthening our security posture and acts as the primary internal reference point for cybersecurity topics—connecting Corporate IT teams with our managed Security Operations Center (SOC).

The position spans vulnerability management, identity security, and risk management, with a strong focus on pragmatic execution, cross-team coordination, and clear communication.

What you’ll do to help drive the energy transition:

• You act as the main point of contact for cybersecurity topics across Corporate IT, advising on secure solutions and architecture decisions.
• You review new tools, services, and infrastructure changes from a security perspective before adoption.
• You support security awareness initiatives, including training programs and phishing simulations.
• You monitor the threat landscape and translate insights into prioritized risk mitigation actions.
• You own the end-to-end vulnerability management process, including triage, prioritization, and coordination of remediation.
• You collaborate with system and endpoint owners to ensure timely resolution and transparent reporting to IT leadership.
• You strengthen identity security by improving access policies, privileged access management, and identity governance.
• You maintain a practical and actionable risk register and translate technical findings into business-relevant risks.
• You act as the internal counterpart to the external SOC, improving detection rules and ensuring incident response readiness.
• You support ISO 27001 processes, including audits and remediation of control gaps.
• You collaborate with R&D and Platform teams in an advisory capacity to align product and corporate security practices.

What you will need for the journey:

• 5+ years of experience across IT and cybersecurity domains
• Hands-on experience with EDR/XDR platforms at scale
• Strong knowledge of identity and access security (IAM, PAM, governance)
• Experience with vulnerability management processes
• Familiarity with ISO 27001 environments
• Strong communication skills and the ability to influence stakeholders without direct authority
• Nice to have:
• Experience working with outsourced SOCs
• Knowledge of NGFW and ZTNA technologies
• Relevant certifications (e.g., CISSP, SC-200 or similar)