Head of Information Security at Aurora shaping security strategy and governance in a software - focused global business. Leading security efforts to ensure resilience and compliance across operations.
About the role
- (Senior) Security Engineer establishing secure coding practices and driving DevOps automation for Paymenttools, enhancing payment security in Europe.
Responsibilities
- Act as a subject matter expert in application security and actively promote best practices across engineering teams.
- Lead and execute the deployment and rollout of security platforms.
- Continuously improve the organization’s DevSecOps maturity.
- Integrate security controls into CI/CD pipelines and evangelize a strong DevSecOps culture.
- Collaborate on the design and implementation of Identity & Access Management (IAM) in distributed systems.
- Develop automated workflows for vulnerability management.
- Facilitate threat modeling workshops and support teams in making risk-based architectural decisions.
- Document security implementations and contribute to engineering security standards.
- Ideally, you also bring experience in penetration testing or red teaming and have worked in regulated environments such as FinTech.
Requirements
- Strong background in security engineering, with a focus on application security and cloud-native environments (Kubernetes, Postgres).
- Deep expertise in application security, including secure frameworks, libraries, and common attack vectors.
- Hands-on experience with DevSecOps tools and practices, specifically integrating security into GitHub Actions (CI/CD).
- Experience with Infrastructure as Code (IaC), preferably using Terraform or OpenTofu.
- Proficiency in programming languages such as Python or Golang to automate security workflows.
- Experience with LLM tooling and workflows, with an interest in AI-Agenting and multi-agent systems.
- Clear and concise communication skills in English, with the ability to influence and coach both technical and non-technical stakeholders. German-language skills are a plus.
- Ideally, you have experience with GCP and CNAPP platforms (e.g., Wiz).
- Ideally, you have experience with compliance frameworks such as ISO 27001, PCI-DSS, or KRITIS, and bring knowledge in IAM design, including role-based access control and OAuth2/OIDC.
Benefits
- Deutschland ticket, subsidized subscription
- 1.000 euro annual learning and development budget + internal training platforms
- Discounts on travel, fashion, technology, and more through our corporate benefits
- REWE discount card for discounts for REWE group retailers
- JobRad, affordable bicycle leasing!
- Company pension plan
- Insurance Services
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Senior Security Engineer specializing in penetration testing and security strategies for fintech. Collaborating with teams to enhance security for AI applications and financial systems.
Principal Cyber Security Engineer for Identity Access Management at MSK managing identity solutions and advanced identity platforms. Partnering with stakeholders to align identity strategy and lead IAM initiatives.
Join The Missing Link as a Security Engineer, leveraging 3 - 4 years of IT Security experience. Lead projects in a collaborative environment with a focus on innovation and impact.
Engineer in Health, Safety and Environment for ArianeGroup focusing on industrial risk management. Involves audits, assessments, and safety training participation.
Senior Product Security Engineer at Red Hat focusing on security and compliance for digital sovereign products while collaborating across global teams and enhancing automation.
Security Engineer safeguarding K - 12 student data in several locations for EduTech startup. Designing secure software systems and ensuring data protection to comply with privacy standards.
Security Engineer focusing on data protection and privacy for Kira Learning's educational technology. Safeguarding K - 12 student data while collaborating with engineering teams on secure software development.
Senior Cybersecurity Engineer responsible for protecting Advansys and its clients' IT infrastructure. Designing, implementing, and managing security solutions, while mentoring junior engineers.
Security Engineer responsible for incident response and security protocol design at Sinch. Joining a global team to safeguard sensitive information and enhance cybersecurity measures.