• Implement and maintain static application security testing (SAST) using Semgrep across our repositories • Configure and improve software composition analysis (SCA) tooling (Dependabot) to identify vulnerable dependencies • Manage secrets detection scanning (Trufflehog) and respond to findings • Integrate security scanning into CI/CD pipelines (GitHub Actions) to catch issues before code is merged • Triage and prioritize vulnerability findings, working with engineering teams to drive remediation • Support dynamic application security testing (DAST) efforts using tools like ZAP • Contribute to our Application Security Posture Management (ASPM) platform to centralize findings and track remediation • Set up and configure automation scripts to support our vulnerability management practices • Document secure coding guidelines and help educate developers on security best practices • Evaluate and recommend new security tools as the landscape evolves

• Build, tune, and maintain detection rules and alerts in Splunk to identify security threats, suspicious activity, and policy violations • Reduce alert fatigue by continuously improving detection logic to minimize false positives while maintaining coverage • Monitor and develop detections for cloud security events across AWS and GCP using our CSPM tooling (Prisma Cloud) • Collaborate with the Security team to develop detection strategies based on threat intelligence and the MITRE ATT&CK framework • Investigate alerts and escalate confirmed incidents according to our incident response procedures • Set up and configure automation scripts and tooling for alert triage, ticket creation, and incident workflows • Create dashboards and reports to provide visibility into security posture and detection effectiveness • Document detection logic, runbooks, and response procedures • Support EDR (CrowdStrike) monitoring and investigate endpoint-related alerts • Identify opportunities to use Splunk for operational and product monitoring beyond pure security use cases

• Requirement Engineering: Translate German regulatory requirements (SGB V, DiGAV Annex 1) into actionable technical security specifications for the development team. • Penetration Testing Coordination: Define the scope for mandatory white-box penetration tests and manual code reviews; manage the relationship with BSI-certified testing centers. • Risk Assessment: Conduct and document data protection impact assessments (DPIA) and security risk assessments tailored to high-protection health data. • Vulnerability Management: Establish a lifecycle process for vulnerability handling and incident reporting as required by the EU Cyber Resilience Act (CRA) and DiGA guidelines.

• Help build and scale a forward-looking security program • Ensure security of data and client’s digital assets • Work on various information security projects • Identify and evaluate risk to the Information Security Program • Create and improve controls to manage operational risks • Contribute to the long-term strategy of Information Security Team