Function description and tasks
• Implementing global security standards and developing these in relation to vulnerabilities, cyber risks and other potential threats
• Conducting (standardised) IT security assessments of our IT solutions for internal departments in order to protect systems from current and future threats
• Planning and carrying out audits and awareness measures
• Participating in the handling of security incidents at various work levels, including the investigation of incidents and the implementation of countermeasures to prevent future incidents
• Supporting development teams in the areas of cloud, pipeline and application security
• Automating security testing and security monitoring, analysing anomalies that occur during testing
• Performing penetration tests, security assessments and vulnerability analyses in our digital applications
• Identifying security gaps, vulnerabilities and potential risks
Profile
• Successfully completed studies in computer science, a comparable degree programme or comparable education and training with a focus on IT security
• Relevant experience in areas of IT security (e.g. vulnerability management, penetration testing, SOC, ISMS, BCM)
• Knowledge of common standards and regulations (e.g. ISO 27001, ISO 22301, BSI basic protection, KRITIS regulation)
• Extensive knowledge of IT infrastructure (e.g. cloud technologies, networks, Active Directory)
• Expertise in application security and cloud security
• Fluent English skills, additional knowledge of German is an advantage
What is desirable
• Specialisation or certifications in the field of IT security
• Ideally IT security certifications, e.g. CISA, CISM, ISO 27001 Lead Implementer, ISO 22301
• Experience with and knowledge of SIEM (Security Information and Event Management) tools for technical data collection and processing as well as analytical evaluation
• Many years of professional experience as a penetration tester in the web area or in a comparable role
• Good knowledge of various attack techniques and security tools.
• Practical experience in the use of various programming languages desirable
• Practical experience in software test engineering is an advantage