Senior Detection & Response Lead

Berlin, Germany;
Hamburg, Germany

At MOIA, trust in our digital and autonomous mobility platform starts with the ability to detect, understand, and respond to security threats before they can impact our services, customers, or teams.

To strengthen our security capabilities, we are looking for a (Senior) Detection & Response Lead (all genders) to build MOIA’s Security Operations Center capability from the ground up. You will shape our SIEM strategy, establish detection and response processes, and create the foundation for a future Detection & Response team.

Initially, you will be embedded in our App Sec & Cloud Security team, working closely with experts across application security, cloud security, engineering, platform, IT and compliance. Over time, you will define how security operations scale at MOIA - from tooling and playbooks to operating models, escalation paths, and team setup.

As a (Senior) Detection & Response Lead, you will take end-to-end ownership of MOIA’s detection and response capability. You combine hands‑on security engineering with strong incident leadership and the ability to turn ambiguous risks into practical, scalable operations.

This is a senior individual contributor role with high visibility and a clear path to shaping a dedicated team as the function matures.

• Build MOIA’s Security Operations Center capability, including scope, operating model, responsibilities, escalation paths, and success metrics.
• Own the SIEM strategy and implementation, including log source prioritization, data quality, detection logic, alertworkflowsand long-term maintainability.
• Develop threat‑informed detections across cloud, application, identity, endpoint, CI/CDand infrastructure environments.
• Create and continuously improve incident response playbooks, triage processes, investigationworkflowsand post‑incident learning.
• Lead security investigations and coordinate response activities with engineering, platform, IT, legal,privacy and communication stakeholders when needed.
• Define how MOIA measures detection and response maturity, including coverage, signal quality, false positives, MTTD and MTTR.
• Evaluate and steer security tooling and external partners where they help us move faster oroperatemore reliably.
• Translate Vehicle,App Sec and Cloud Security insights into concrete detection,logging and response use cases.
• Mentor colleagues,establishbest practices and help prepare the future team setup for Detection & Response at MOIA.

• Several years of experience in security operations, detection engineering, incident response, cloudsecurityor a similar security engineering role.
• Hands‑on experience building or significantly maturing SOC, SIEM or incident response capabilities.
• Strong understanding of SIEM platforms and log pipelines, such as Splunk, Elastic, Microsoft Sentinel, Chronicle, Datadog or similar.
• Experience writing detection rules, correlation logic and investigation queries using languages such as KQL, SPL, SQL,Sigmaor equivalent.
• Solid knowledge of cloud‑native environments, ideally AWS, Kubernetes, serverless architectures, IAM and CI/CD security.
• Ability to lead incidents calmly, communicate clearly underpressureand bring technical and non‑technical stakeholders together.
• A pragmatic engineering mindset: you automate where it helps, document where it matters and focus on reducing real risk.
• Business‑level fluency in English. German is a plus.

• Experience with SOAR, detection‑as‑code, security datalakesor scalable log retention strategies.
• Background in App Sec, product security, cloudforensicsorvulnerability management.
• Experience in regulated, mobility, automotive or safety‑critical environments.
• Previous involvement in hiring, mentoring, or building a security team.

We welcome applicants from diverse backgrounds— even if you don’t meet every requirement. If you’re excited about the role and MOIA’s mission, we’d love to hear from you!

We are a member of Charta der Vielfalt and are dedicated to…