Platform Security Lead (m/f/d)

Hamburg, Germany

We are seeking an accomplished and highly experienced Platform Security Lead (m/f/d) to join our team and enhance the security posture of our platforms.

As the Platform Security Lead (PSL) within the CISO Department, you will drive security by design within IT and Development teams, assess and mitigate potential security threats, promote security awareness, and collaborate closely with our CISO teams to implement robust security requirements.

To excel as a PSL, you should possess keen attention to detail, strong strategic planning capabilities, and exceptional communication, interpersonal, and technical skills.

  • Champion security by design within IT and development teams
  • Conduct comprehensive risk assessments, including design reviews, security requirements generation, gap analysis, security control validation, pen-test support, vulnerability remediation advice, risk articulation, and formal Risk Opinion report issuance
  • Drive the integration of DevSecOps within our DevOps teams
  • Serve as the primary contact for security-related topics, acting as a bridge to expertise within the CISO department
  • Formally assess information security risks related to business projects, determine potential impacts, and ensure follow-up on remediation efforts throughout project lifecycles
  • Collaborate with IT teams (developers, architects, product owners, business) to align platform security with the company's risk appetite and threat landscape
  • Develop specialized knowledge of platform security, ensuring embedded security measures meet platform needs
  • Work with team members to identify and implement common security solutions
  • Support the CISO Risk & Compliance team and contribute to the creation, review, and update of information security policies
  • Stay current with the latest security systems, tools, trends, and technologies
  • A Master’s or Bachelor’s degree in Information Technology, Information Systems Security, Cybersecurity, or a related field, or equivalent technical training
  • A minimum of 4 years of relevant IT and Information Security experience, demonstrating the ability to act independently with minimal supervision
  • Experience with security architectures including cloud, mobile, enterprise, web, and app security
  • Proficiency with threat modeling frameworks such as MITRE ATT&CK, STRIDE, and PASTA
  • Knowledge of core security standards and frameworks: ISO 27001, ISO 27017, NIST, NTSC, OWASP, CIS, CVSS
  • Expertise in security testing to prevent issues like code execution, SQL injection, and cross-site scripting
  • Experience with security in cloud computing and microservices architecture
  • Familiarity with security-related legal and regulatory requirements
  • Specialized knowledge in web and mobile application security, data protection methods, and the ability to share this expertise with the team
  • A broad understanding of security concepts with deep expertise in 2 or 3 specific areas
  • Excellent communication skills, capable of translating technical information for non-technical stakeholders
  • Willingness to work in a hybrid model with 3 days/week in our Hamburg office

Category: Leadership Jobs

Tags: Application security CISO Cloud Compliance CVSS DevOps DevSecOps ISO 27001 Microservices MITRE ATT&CK NIST OWASP Risk assessment Scripting SQL SQL injection XSS

Region: Europe
Country: Germany
