(Senior) Detection & Response Lead (all genders)
Responsibilities
- Build MOIA's Security Operations Center capability, including scope, operating model, responsibilities, escalation paths, and success metrics.
- Own the SIEM strategy and implementation, including log source prioritization, data quality, detection logic, alert workflows and long-term maintainability.
- Develop threat-informed detections across cloud, application, identity, endpoint, CI/CD and infrastructure environments.
- Create and continuously improve incident response playbooks, triage processes, investigation workflows and post-incident learning.
- Lead security investigations and coordinate response activities with engineering, platform, IT, legal, privacy and communication stakeholders when needed.
- Define how MOIA measures detection and response maturity, including coverage, signal quality, false positives, MTTD and MTTR.
- Evaluate and steer security tooling and external partners where they help us move faster or operate more reliably.
- Translate Vehicle, AppSec and Cloud Security insights into concrete detection, logging and response use cases.
- Mentor colleagues, establish best practices and help prepare the future team setup for Detection & Response at MOIA.
What will help you to fulfill your role
- Several years of experience in security operations, detection engineering, incident response, cloud security or a similar security engineering role.
- Hands-on experience building or significantly maturing SOC, SIEM or incident response capabilities.
- Strong understanding of SIEM platforms and log pipelines, such as Splunk, Elastic, Microsoft Sentinel, Chronicle, Datadog or similar.
- Experience writing detection rules, correlation logic and investigation queries using languages such as KQL, SPL, SQL, Sigma or equivalent.
- Solid knowledge of cloud-native environments, ideally AWS, Kubernetes, serverless architectures, IAM and CI/CD security.
- Ability to lead incidents calmly, communicate clearly under pressure and bring technical and non-technical stakeholders together.
- A pragmatic engineering mindset: you automate where it helps, document where it matters and focus on reducing real risk.
- Business-level fluency in English. German is a plus.
Requirements
- Experience with SOAR, detection-as-code, security data lakes or scalable log retention strategies.
- Background in AppSec, product security, cloud forensics or vulnerability management.
- Experience in regulated, mobility, automotive or safety-critical environments.
- Previous involvement in hiring, mentoring, or building a security team.
We welcome applicants from diverse backgrounds - even if you don't meet every requirement. If you're excited about the role and MOIA's mission, we'd love to hear from you!
Our benefits in a nutshell
- Competitive salary (including bonus)
- Hybrid work setup: Work from home or one of our offices - you and your team decide how often to meet, blending flexibility with collaboration!
- Flexible working hours and the possibility of flexible work arrangements depending on your needs (parenting, care work, volunteering, etc.)
- Budget and monthly expense allowance for home office setup
- Possibility of remote work from outside Germany for up to 6 weeks per year from over 35 countries - learn more in our blog!
- Public transport ticket (fully subsidized "Deutschlandticket") for commuting and travelling throughout Germany and discount on MOIA rides
- Subsidized fitness club membership or bike leasing
- Learning environment with continuous learning days, job rotation, trainings and workshops, coaching, conferences, books
Additional Information
Join us as a (Senior) Detection & Response Lead (all genders) in our AppSec & Cloud Security team on a shared journey that matters!
At MOIA, trust in our digital and autonomous mobility platform starts with the ability to detect, understand, and respond to security threats before they can impact our services, customers, or teams. To strengthen our security capabilities, we are looking for a (Senior) Detection & Response Lead (all genders) to build MOIA's Security Operations Center capability from the ground up. You will shape our SIEM strategy, establish detection and response processes, and create the foundation for a future Detection & Response team.
Initially, you will be embedded in our AppSec & Cloud Security team, working closely with experts across application security, cloud security, engineering, platform, IT and compliance. Over time, you will define how security operations scale at MOIA - from tooling and playbooks to operating models, escalation paths, and team setup.
Your role at MOIA
As a (Senior) Detection & Response Lead, you will take end-to-end ownership of MOIA's detection and response capability. You combine hands-on security engineering with strong incident leadership and the ability to turn ambiguous risks into practical, scalable operations. This is a senior individual contributor role with high visibility and a clear path to shaping a dedicated team as the function matures.