
CDC / SOC - Incident Response Analyst Expert - Afternoon Shift (m/f/d)
Schwarz Digits · Barcelona, Catalonia, Spain
This listing has closed.
- On site
- Full-time
- €75,000 / year
- Barcelona, Catalonia, Spain
Job highlights
- Lead incident response for critical security events.
- Analyze cyber-attacks and derive remediation.
- Monitor global threat landscape.
- Utilize SIEM, SOAR, and EDR tools.
- Shape Europe's digital sovereignty.
About the role
About Schwarz Digits
Schwarz Digits creates the technological foundation for digital sovereignty in Europe. As the IT and digital division of the Schwarz Group, we develop and manage the IT infrastructures for the retail divisions Lidl and Kaufland, as well as Schwarz Production and PreZero. At the same time, we operate as an independent provider in the external market to support companies across Europe in their digital transformation. We bundle our core services in the areas of Cloud, Cyber Security, Data & AI, Communication, and Workspace. Join us and contribute to digital sovereignty in Europe. With us, you will work at the intersection of agility and security: You will benefit from fast decision-making processes, enjoy genuine creative freedom in your projects, and be able to build upon the stable foundation of the Schwarz Group.
Your tasks
- Coordinate and communicate IT security incidents across teams and countries, managing the incident response process.
- Detect and analyze potential security incidents, ensuring effective containment.
- Reconstruct cyber-attacks and malware, analyze sensitive data, and derive remediation actions.
- Develop mechanisms to detect anomalies and attacks, initiating preventive measures to alert in time.
- Monitor the general threat landscape on the Internet and provide actionable recommendations.
- Advise internal projects on security-related issues.
- Conduct IT forensic investigations.
- Create meaningful reports on IT security incidents.
Your Profile
Our Cyber Defense Center is fully built and up and running. We are now looking to strengthen the team with an Incident Response expert to cover the weekday afternoon shift. This is a hands-on, experienced technical role focused on advanced incident response and continuous improvement rather than tier-one alert triage. You will join a large Cyber Security organization with excellent opportunities for growth, development, and promotion based on performance and training. Continuous learning is essential in this field, and the company supports this with a wide range of education and training options to enhance both soft and hard skills.
- 5+ years of professional experience in Incident Response, leading medium to critical security incident response.
- Hands-on experience in incident response, including triage, containment, remediation, and end-to-end security investigations.
- Experience partnering with Escalation Management, Product Development/Engineering, IT, Legal, Cloud Ops, and wider cybersecurity teams to lead remediation.
- University degree in Information Technology or comparable education.
- Strong English skills, fluent business English (speaking and writing) at advanced level (B2+).
- Further education in IT forensics and security incident management.
- Expert knowledge in SIEM systems (preferably Splunk), SOAR tools, and EDR solutions.
- Strong technical expertise in deployed technologies and cyber attack techniques.
- Knowledge of national and international IT standards and frameworks (ISO 27001, NIST Cyber Security Framework, BSI Grundschutz, ITIL, OWASP, MITRE ATT&CK).
- Strong communication and analytical skills, ability to work independently, and strong team spirit.
- Confidence and persuasiveness with communication skills in English. German is considered a plus but is not mandatory.
- Commitment to continuous education and professional development.
- Would be a plus: Strong digital forensics skills, including analysis, timeline reconstruction, and interpreting artefacts across Windows, macOS, Linux, and cloud environments.
- Would be a plus: Experience in cloud incident response including familiarity with cloud-native logging, identity systems, and investigation techniques.
- Would be a plus: Knowledge of application security, including investigating application-layer attacks, abuse cases, and SaaS-specific threats.
Working Hours
Afternoon shift (13:45 – 22:00h), from Monday to Friday (no rotation).
Key skills/competency
- Incident Response
- Cyber Security
- IT Forensics
- SIEM Systems
- SOAR Tools
- EDR Solutions
- Malware Analysis
- Threat Landscape
- Security Investigations
- Digital Sovereignty
Skills & topics
- Incident Response Analyst
- Cyber Security
- SIEM
- SOAR
- EDR
- IT Forensics
- Malware Analysis
- Threat Intelligence
- Security Operations Center
- Digital Sovereignty
- Splunk
- NIST
- ISO 27001
- MITRE ATT&CK
- Incident Management
How to get hired
- Tailor your resume: Highlight 5+ years of incident response experience, SIEM/SOAR/EDR expertise, and forensic skills.
- Showcase technical depth: Emphasize hands-on experience with incident triage, containment, remediation, and investigations.
- Demonstrate collaboration: Detail your experience partnering with cross-functional teams for remediation efforts.
- Highlight continuous learning: Mention any further education in IT forensics and security incident management.
- Prepare for technical questions: Be ready to discuss cyber attack techniques and specific security frameworks.
Frequently asked questions
- What are the working hours for the Incident Response Analyst Expert role at Schwarz Digits?
- The Incident Response Analyst Expert position at Schwarz Digits operates on a weekday afternoon shift, from Monday to Friday, 13:45 to 22:00h. There is no rotation involved.
- What specific SIEM, SOAR, and EDR tools does Schwarz Digits use for incident response?
- While the description specifically mentions expert knowledge in SIEM systems, preferably Splunk, it also broadly refers to SOAR tools and EDR solutions. Candidates should be prepared to discuss their experience with these types of technologies.
- Does Schwarz Digits require German language proficiency for the Incident Response Analyst Expert role?
- Strong English skills are mandatory for this role, at an advanced level (B2+). While German language skills are considered a plus, they are not mandatory for this position.
- What are the opportunities for career growth as an Incident Response Analyst Expert at Schwarz Digits?
- Schwarz Digits offers excellent opportunities for growth, development, and promotion within its large Cyber Security organization, based on performance and ongoing training.
- What kind of experience is needed for this Incident Response Analyst Expert position?
- This role requires over 5 years of professional experience in Incident Response, with hands-on experience in leading medium to critical security incidents, including triage, containment, remediation, and end-to-end investigations.
- Is this Incident Response Analyst Expert role focused on alert triage?
- No, this is a hands-on, experienced technical role focused on advanced incident response and continuous improvement, rather than tier-one alert triage.
- What are the 'plus' qualifications for the Incident Response Analyst Expert role?
- Desired 'plus' qualifications include strong digital forensics skills, experience in cloud incident response (logging, identity systems, investigation techniques), and knowledge of application security, including investigating application-layer attacks and SaaS-specific threats.