Job Description:
• Protect our systems and cloud environments: You continuously analyze security risks, implement modern security standards, and ensure the protection of our cloud infrastructure and critical enterprise systems
• Define clear security policies and processes: You further develop our security policies, standardize security processes, and ensure their application across the organization
• Drive security awareness and training: You raise security awareness through training, workshops, and proactive communication with all teams
• Maintain structured incident and risk management: You detect security incidents early, coordinate their handling, produce analyses, and continuously improve our incident response procedures
• Ensure compliance (PCI, ISO, NIS2): You support the company in meeting external standards, prepare audits, and guide departments through compliance requirements
• Monitor our core security mechanisms: You analyze security-critical components, support our monitoring and audit processes, and provide transparency on security-relevant events
• Collaborate closely with product, IT, and engineering teams: You assist other teams in designing secure solutions, reduce risks, simplify security processes, and contribute to a secure, scalable overall architecture
• Ensure a secure software development process: You expand our secure software development lifecycle (SSDLC), advise teams on security-related issues, and ensure that security reviews are a reliable part of our processes.
Requirements:
• You identify security risks early and think proactively in terms of solutions
• You have an excellent understanding of how software, infrastructure, and cloud systems interact
• Assessing the security of systems, services, and processes is your passion
• Nice-to-have: Experience with compliance standards such as ISO 27001, PCI DSS, or NIS2
• Nice-to-have: Experience with security testing (e.g., SAST, DAST, vulnerability scans)
• Understanding of secure development and infrastructure processes (SSDLC, cloud security, IAM, risk management)
• Analytical thinking when evaluating security incidents and vulnerabilities
• Strong communication skills – able to explain technical risks clearly
• Basic knowledge of cloud environments (GCP/AWS) and automated workflows (e.g., CI/CD)
• Nice-to-have: Familiarity with security tools & standards such as SIEM, SSO/MFA, audits, policies
Benefits:
• 100% remote work, provided you can ensure a stable internet connection
• The stability of an extremely successful German high-tech company that has retained its start-up spirit over the years
• Regular on-the-job training and professional development
• International team with strong camaraderie
• Regular team events in various European countries
• State-of-the-art technical equipment
• Responsibility from day one
• Work in a team with informal address (du), no dress code, and a culture of mutual respect