Head of Cyber Defense Center (f/m/d)

Step out of your comfort zone, excel and redefine the limits of what is possible. That's just what our employees are doing every single day – in order to set the pace through our innovations and enable outstanding achievements. After all, behind every successful company are many great fascinating people.

In a spacious modern setting full of opportunities for further development, ZEISS employees work in a place where expert knowledge and team spirit reign supreme. All of this is supported by a special ownership structure and the long-term goal of the Carl Zeiss Foundation: to bring science and society into the future together.

Join us today. Inspire people tomorrow.

Diversity is a part of ZEISS. We look forward to receiving your application regardless of gender, nationality, ethnic and social origin, religion, philosophy of life, disability, age, sexual orientation or identity.

Apply now! It takes less than 10 minutes.

Welcome to ZEISS – a company that combines innovation and responsibility! Our corporate functions are diverse and make a decisive contribution to the strategic orientation and sustainable success of ZEISS .

As the Head of Cyber Defense Center you are responsible for leading the global corporate function responsible for protecting ZEISS from cyber threats through establishing, maintaining and continuously improving efficient and effective cyber defense security capabilities for the ZEISS organization on a global scale.

Your Role

• Responsibility for leading the team that integrates monitoring, threat intelligence, incident detection and response, detection engineering, and digital forensics across infrastructure, product and operational environments.

• This role is a strategic and operational cornerstone of the ZEISS Cyber Security Organization and is of high strategic relevance, strengthening the resilience and cyber posture of ZEISS and significantly reducing the exposure of ZEISS to cyber risks.

• Continuous advancement and development of the cyber defense capabilities based on a holistic approach is critical to provide adequate protection against an evolving threat landscape.

• Cyber Defense Strategy & Leadership: define and execute the ZEISS Cyber Defense Strategy in alignment with overall cyber strategy and architecture and establish a defence-in-depth operating model that integrates preventive, detective, and responsive security controls across infrastructure, products, and operations.

• Security Operation Center (SOC) : lead global SOC operations including detection engineering, security monitoring, alert triaging as well as the corresponding tool landscape including SIEM, SOAR, EDR/XDR platforms including their interfaces to provide state-of-the-art monitoring and response. Continuously advance the tool landscape and detection and response infrastructure to keep up with the evolving threat landscape and leverage automation potentials.

• Incident Response: drive organizational readiness for the detection and response to cyber incidents, including incident detection, classification, containment, eradication and recovery in collaboration with stakeholders and ensure post-incident reviews to drive measurable posture improvements.

• Threat Intelligence: establish and mature a threat intelligence program that tracks relevant threat actors, tactics, techniques, and contextualizes intelligence with the industry, assets and geopolitical expose of ZEISS. Directly integrate relevant threat intelligence information into the cyber operations and share with relevant stakeholders in the ZEISS Cyber Security Organization.

• Digital Forensics: integrate offensive security & digital forensics capabilities as a core pillar that challenges policy compliance and defence capabilities of the organization. Standardize the efforts by providing consumable services that offer a coordinated and centralized approach. Drive advanced forensic capabilities to uncover root causes, strengthen evidence‑based learning, and prevent recurrence.

• Cyber Defense Platform Operations: integrate intelligence, monitoring and other sources as part of the state-of-the-art ZEISS Cyber Defense Platform across infrastructure, product and operational environments, and ensure continuous improvement of the defence ecosystem by optimizing tooling, integration, and operational excellence.

• Leadership & Development: functionally and disciplinarily leading a global team with high strategic relevance, this role fosters a culture of collaboration, innovation, and accountability within their team. The role involves leading and developing a high-performing global team, providing clear direction, mentorship, and opportunities for professional growth. By promoting an inclusive and empowering environment, this leadership position is a role model for ZEISS values and strategic goals, while driving engagement and motivation across the organization, cultivating strong relationships with stakeholders to achieve shared success.

• Advanced degree in Cyber Security, Information Technology, Information Security, Computer Science, Security Engineering, Digital Forensics, or a related discipline (Bachelor's or Master's degree) or an equivalent mix of education and professional experience.

• Proven professional experience in cyber security operations, incident response, threat detection, SOC/CSIRT, or threat intelligence with related senior or leadership roles across global organizations.

• One or more relevant and current information security certifications from an established organization (such as CISSP, CISM or other related certifications).

• Proven track record in defining and executing effective cyber defence strategies and building defence‑in‑depth models across global, complex environments.

• Extensive hands‑on leadership in global SOC operations, including SIEM, SOAR, EDR/XDR ecosystems, detection engineering, high‑volume alert management, triaging, containment and incident management.

• Skilled in establishing incident response playbooks, orchestrating cross‑functional incident- and crisis management, and driving post‑incident learning to measurably improve posture and resilience.

• Hands‑on experience architecting and operating integrated cyber defence platforms that unify intelligence, monitoring, automation, and response capabilities.

• Experience in functionally and disciplinarily leading international and global security operations and engineering teams, demonstrating a proven track record of strategic planning, team development, and operational excellence.