Werkstudent supporting information security management and business continuity projects for Syneco's energy operations. Engaging in the development and upkeep of management systems and reporting tools.
About the role
- Senior Information Security Engineer leading enterprise-wide cybersecurity initiatives at e.l.f. Beauty. Designing security solutions and collaborating with teams to safeguard systems and data.
Responsibilities
- Design, build, deploy, and maintain enterprise security technologies and solutions aligned with business objectives, compliance requirements, and the cybersecurity program.
- Develop, document, and enforce security policies, standards, and procedures based on frameworks such as NIST, CIS, ISO 27001, and SOX while advancing overall security maturity, governance, and processes.
- Lead strategic security initiatives, including Zero Trust architecture, Data Loss Prevention (DLP), Cloud Security, Network Segmentation, IAM, Endpoint Security modernization, and security automation.
- Manage and improve email security, DNS security, and other protective controls to defend against phishing, malware, data exfiltration, and domain-based threats.
- Lead vulnerability management programs and drive remediation efforts, providing visibility into risks and progress to stakeholders.
- Oversee incident response lifecycle—detection, analysis, containment, remediation, post-incident review—and continuously enhance disaster recovery and business continuity plans.
- Monitor and analyze security events and network activity (e.g., traffic analysis, host behavior, forensics, kill chain, Windows event analysis), tuning tools, and event correlation for accurate threat detection.
- Collaborate with IT, DevOps, and digital teams to embed security into system design, application development, deployment pipelines, and cloud infrastructure.
- Evaluate and review vendor and partner security practices to ensure alignment with organizational standards.
- Produce regular security dashboards and metrics to report on incidents, threats, and operational effectiveness.
- Lead security awareness training, mentor junior engineers, and guide cross-functional teams on secure design principles and best practices.
- Stay current on emerging threats, vulnerabilities, and technologies to enhance enterprise resilience.
Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, or related field; Master’s preferred.
- 7+ years of experience in information security engineering, architecture, or operations.
- Expertise in cloud security (AWS, Azure, GCP), data protection, IAM/SSO/MFA, email and DNS security, and secure network architecture.
- Hands-on experience with key security technologies: firewalls, VPN, NAC, EDR/MDR, IPS/IDS, SIEM, DLP, vulnerability management, and email security platforms (Proofpoint, Mimecast, Microsoft 365 Defender).
- Strong understanding of Zero Trust, endpoint protection, DevSecOps, security automation, and scripting (Python, PowerShell, Bash).
- Proven ability to lead incident response, risk assessments, threat detection, and remediation efforts.
- Experience implementing DNS protection solutions (Cisco Umbrella, Cloudflare, Infoblox, Valimail).
- Knowledge of security frameworks and compliance standards: NIST CSF, CIS Controls, ISO 27001, SOX.
- Demonstrated success in leading security awareness programs, mentoring team members, and advancing security program maturity.
- Relevant certifications preferred: CISSP, CISM, CISA, GIAC, Microsoft Security certifications, AWS Security Specialty, Azure Security Engineer Associate.
- Strong communication, leadership, and ability to manage multiple security initiatives.
Benefits
- bonus eligibility (200% of target over the last six fiscal years)
- equity
- flexible time off
- year-round half-day Fridays
- hybrid 3 day in office, 2 day at home work environment
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Security Consultant providing IT - Security Consulting by leveraging knowledge and skills to assist clients. Involved in diverse projects from analysis to execution and results presentation.
Lead functional safety for product development in PEM electrolyzers at Quest One. Collaborate with teams and support certification processes in the field of green hydrogen technology.
(Senior) Consultant in Automotive - & Product Security at Wavestone, focusing on cyber security solutions for clients in innovative projects. Collaborative work in a vibrant team environment across multiple German cities.
Consultant specializing in Cyber & Product Security for clients in a hybrid role. Focused on implementing security strategies and conducting assessments with a collaborative approach.
Information Security Manager focusing on risk management for Xecuro GmbH. Implementing and optimizing risk management processes within a technological environment in Bonn.
Information Security Expert working on safe digital solutions, ensuring compliance and conducting risk assessments. Join Xecuro GmbH in shaping Germany's digital future with innovative security measures.
Teamlead position for Security Governance & Assurance at Xecuro GmbH in Bonn. Leading team and implementing information security management systems (ISMS).
Lead ISSO ensuring security compliance for multi - tenant cloud and hybrid environments at Agile Defense. Responsible for vulnerability analyses and risk management decision - making expertise.
Network Security Engineer focusing on Fortigate Firewalls for Vodafone's global network operations. Troubleshooting, incident management, and collaborative environments driving network security initiatives.