Role Description To strengthen our IT Security team, we are looking for a dedicated working student who is eager to gain practical experience in information security. Key Responsibilities - Assisting with the execution of risk analyses and vulnerability assessments - Contributing to the further development and maintenance of the ISMS (Information Security Management System) in accordance with ISO 27001 / BSI IT-Grundschutz - Assisting with implementation of our Identity & Access Management (IAM) systems - Assisting with the creation and updating of security policies and concepts - Analyzing and evaluating security events and log data (SIEM) - Assisting with penetration tests and vulnerability scans - Supporting employee security awareness training - Researching and compiling information on current threat landscapes and CVEs Qualifications - Enrolled student in Computer Science, IT Security, Business Informatics, or a comparable field of study - Basic knowledge of network technologies (TCP/IP, firewalls, VPN) and operating systems (Windows, macOS) - Interest in current cybersecurity topics and trends - Analytical mindset and a structured, meticulous approach to work - Good command of German language, written and spoken English proficiency is required - Understanding of common security standards (knowledge of ISO 27001 and BSI IT-Grundschutz) is a plus - Initial practical experience (e.g., CTFs, certifications such as CompTIA Security+, personal projects) is a plus - Ability to occasionally join in-person meetings with Carbonfuture staff in Berlin or Freiburg Benefits - A ground-breaking business with an early foothold in the carbon removal industry and the ability to have a real impact on climate change - Purpose-driven, ambitious colleagues and a friendly, open and inclusive environment - Insight into real-world IT security projects and processes within a professional environment - Flexible working hours that can be easily reconciled with your studies - The option to work remotely part-time, or visit our hubs in Freiburg and Berlin - Personal guidance and mentoring from experienced security experts - Fair compensation (€16–18 per hour, depending on qualifications) Legal Information This position is limited to a maximum of 20 hours per week during the academic semester to ensure the maintenance of your student enrollment status. Employment is structured as a student employee relationship subject to social security regulations, in accordance with § 20 SGB IV.

• Provide strategic leadership and oversight for large-scale, multi-region client programs across health and security consulting domains • Ensure delivery excellence, consistency, and alignment with client objectives and contractual commitments • Establish and maintain robust governance frameworks, including performance metrics, reporting, and escalation pathways • Lead program mobilization, implementation, and ongoing optimization • Oversee managed services engagements, ensuring delivery against agreed service levels, KPIs, and client expectations • Drive standardization and scalability of service delivery models across regions • Lead continuous improvement initiatives to enhance service quality, efficiency, and client value • Integrate digital tools and innovative delivery approaches where appropriate • Act as a trusted partner to senior client stakeholders, including HR, Risk, Health, Security, and Executive Leadership teams • Lead governance forums, including executive reviews and strategic planning sessions • Proactively identify client needs and position solutions that enhance resilience and duty of care outcomes • Support retention and growth of strategic accounts • Maintain accountability for program financial performance, including revenue, margin, and cost management • Support commercial activities including proposal development, pricing, and contract structuring • Ensure accurate forecasting and financial reporting • Work closely with medical, security, consulting, and operational teams across business lines and regions • Coordinate internal stakeholders to ensure seamless delivery of integrated solutions • Lead and develop high-performing, multi-disciplinary teams • Identify and manage operational and delivery risks across programs • Ensure adherence to regulatory, clinical, and organizational standards • Oversee incident management and ensure appropriate escalation and resolution • Contribute to the ongoing development of health and consulting solutions • Capture insights and best practices to inform continuous improvement and global standards • Support the evolution of managed services offerings in line with client needs and market trends

• Supporting our managed SIEM as the final point of escalations. • Supporting user identity management and Single-sign on through our IDP. • Securing the way in which employees use our various SaaS vendors. • Securing user activity through the Google Workspace stack. • Aiding Devops with securing our cloud and SDLC. • Aiding in on and off boarding through the JLM (joiners, leavers, movers) process. • Trial and architect new systems that we are thinking about adding to our infosec stack. • Aid in Crisis management events. • Architecting and supporting web3 security and monitoring systems

• Help design, deploy, and maintain the Securing Orchestration, Automation, and Response (SOAR) capabilities of a multi-billion dollar platform as a service company. • Develop automations which will interact across multiple different products and services to secure the enterprise. • Develop integrations and workflows to enrich decision making. • Leverage AI tooling to provide system operators and security personnel with additional context for security events and alerts. • Write production quality code with unit and integration tests.