Information Security Engineer — Incident Response & Automation

Automate incident triage and containment processes to reduce manual effort
Hungary
Senior
yesterday

At INNIO we offer you:

  • Young & supportive team - in a fast-growing international business environment
  • Learn & develop yourself - we help you craft your career path (INNIO learning, free language courses according to business needs)
  • Hybrid working - 50% Office, 50% Home Office with flexible working hours
  • Cafeteria package with various options - SZÉP Card, Cash option, Nursery & kindergarten support
  • Medicover Spring White Package - from the first day of employment
  • Easily accessible location - in the heart of the most vibrant campus area in Budapest (location: 13th District, easy to approach by Metro Line 3)
  • Take a break - Recharge your batteries with free coffee and tea selection in the kitchen area
  • Live an active lifestyle – activate your AYCM pass

Your tasks:

  • Coordinate day‑to‑day incident handling with internal teams and the SOC provider: triage, scoping, containment, recovery, and documentation.
  • Maintain and improve response playbooks, runbooks, enrichment pipelines, and case workflows; ensure consistency and auditability.
  • Prioritize and deliver automation for high‑volume tasks (enrichment, correlation, evidence collection, notifications, containment actions).
  • Tune alerts and data pipelines to improve signal‑to‑noise and reduce manual touches; track and report on detection/response quality metrics.
  • Translate incident lessons into preventive controls and configuration changes (identity, endpoint, AD, cloud) in partnership with platform owners.
  • Keep risk records and asset mappings up‑to‑date; link incidents to risks, treatments, and control improvements.
  • Prepare audit evidence and contribute to policy/procedure updates to sustain ISMS compliance.
  • Mentor analysts on triage methods, documentation quality, and safe automation practices; participate in tabletop exercises.

Your profile:

  • 4+ years in incident response or security engineering with measurable improvements to detection/response and workflow automation.
  • Proficiency with enterprise security tooling (e.g., EDR/MDR, log analytics/SIEM, identity/AD, M365 security) and case management platforms.
  • Scripting/query ability for automation and investigations (e.g., Python, PowerShell, KQL/SPL/SQL‑like).
  • Experience operating within an ISMS and supporting ISO 27001/27005 processes and audits.
  • Strong cross‑functional communication and documentation skills.

Desired Experience

  • Designing automation backlogs and value tracking (time saved, error reduction, MTTR impact).
  • Exposure to risk tooling (ServiceNow IRM or similar) and control mapping (e.g., MITRE ATT&CK).
  • Hardened identity/endpoint/AD change implementations and validation via purple‑team/attack simulation.
  • Certifications such as GCFA/GCIA/GCIH, Azure Security Engineer, Microsoft Security Operations Analyst, or equivalent.

Engineering
About INNIO