• Security Architecture & Design • Provide architectural guidance on cryptographic key management and secure API design. • Review, assess, and improve the security of systems related to identity and access control. • Model all secure end-points and re-engineer access to the end-points targeting security without operational disruption • Risk Management & Threat Modeling • Conduct threat modelling and risk assessments for distributed systems and critical business workflows. • Define and implement security controls for sensitive operations, including privileged access, internal tooling, and system integrations. • Proactively identify emerging risks and contribute to internal processes for risk tracking and mitigation. • Security Operations & Incident Response • Lead the response to security incidents, including investigation, containment, and remediation. • Improve detection, monitoring, and alerting across systems and infrastructure. • Develop and maintain incident response playbooks for handling security incidents, including abuse and hacking scenarios. • Governance, Compliance & Best Practices • Help define and maintain security standards and best practices for application development and infrastructure. • Ensure proper secrets management, access control, and system hardening. • Cross-Functional Collaboration • Work closely with engineering, product, and infrastructure teams to embed security throughout the development lifecycle. • Provide practical guidance on secure system design, especially for systems handling sensitive data or high-risk operations.

• Implement and maintain static application security testing (SAST) using Semgrep across our repositories • Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies • Manage secrets detection scanning (Trufflehog) and respond to findings • Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged • Triage and prioritize vulnerability findings, working with engineering teams to drive remediation • Support dynamic application security testing (DAST) efforts using tools like ZAP • Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation • Set up and configure automation scripts to support our vulnerability management practices • Document secure coding guidelines and help educate developers on security best practices • Evaluate and recommend new security tools as the landscape evolves

• Build, tune, and maintain detection rules and alerts in Splunk to identify security threats, suspicious activity, and policy violations • Reduce alert fatigue by continuously improving detection logic to minimize false positives while maintaining coverage • Monitor and develop detections for cloud security events across AWS and GCP using our CSPM tooling (Prisma Cloud) • Collaborate with the Security team to develop detection strategies based on threat intelligence and the MITRE ATT&CK framework • Investigate alerts and escalate confirmed incidents according to our incident response procedures • Set up and configure automation scripts and tooling for alert triage, ticket creation, and incident workflows • Create dashboards and reports to provide visibility into security posture and detection effectiveness • Document detection logic, runbooks, and response procedures • Support EDR (CrowdStrike) monitoring and investigate endpoint-related alerts • Identify opportunities to use Splunk for operational and product monitoring beyond pure security use cases

• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team. • Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers. • Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data. • Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.