We make IT Security a Defensive Art - powered by Microsoft
Security Consultant
Location
Germany
Posted
4 days ago
Salary
€75.6K - €91.2K / year
Seniority
Senior
Job Description
Security Consultant
water IT Security & Defense
• As part of our consulting team, you advise companies on effectively implementing their IT security strategy using Microsoft technologies — not just on paper, but in practice. • You are involved from the initial requirements analysis through to live operations. • You are more than a consultant: you become part of the projects you support and deliver real, measurable value. • You analyze business and technical requirements and work with our clients to develop their IT security strategy — from design to implementation. • You take projects from A to Z: requirements gathering, implementation, documentation. • You work independently and have real scope to shape solutions. • You lead workshops for requirements analysis and provide architecture and strategy consulting — acting as the primary contact for clients and sales. • You further develop managed services and workshop formats — internally and externally — and actively share your knowledge, optionally including public speaking. • You track trends in the security landscape and contribute new ideas for the strategic development of our consulting practice.
Job Requirements
- Solid knowledge and practical experience in cybersecurity — IT or OT, both welcome
- Experience with Microsoft Sentinel, Entra Suite, Security for A.I., or Microsoft Defender
- Certifications such as SC-300, AZ-500, or SC-500 are a plus
- Strong communication skills and the ability to engage professionally with people who do not have a cybersecurity background
- Structured, solution-oriented working style and the willingness to address problems openly rather than avoid them
- Enthusiasm for new technologies and a commitment to continuous learning
- Very good German and English, both spoken and written
- Residence in Germany; willingness to travel is required
Benefits
- Trust-based vacation — you decide, beyond the statutory minimum, how much time off you need
- 100% remote — including up to 182 days per year from within the EU; office apartments in Düsseldorf and Vienna available for work and overnight stays
- Health & prevention: mental-health program “OpenUp Family” (for you + 3 people), company health insurance including dental coverage and cancer screening, company pension plan with a 25% employer contribution (increasing after 3 and 5 years)
- Monthly extras: €50 internet allowance, €44 tax-free benefit (Edenred) or EGYM Wellpass, €20 Lieferando credit
- Mobility: company bike (JobRad); from senior level additionally the option of a company car or BahnCard — also for private use
- Corporate benefits (fashion, travel, tech and more) and company merch shop
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Cybersecurity Engineer - Financial Sector
DevsuDevsu is a technology agency that provides software development services, IT augmentation and staffing.
Role Description En Devsu buscamos un/a profesional senior en Ciberseguridad Aplicativa que lidere la ejecución de pruebas de seguridad, validación de requerimientos no funcionales y certificación de software en entornos bancarios y financieros. La posición es Remota para candidatos de LATAM y presencial para en Quito, Ecuador, estarás asignado/a a uno de nuestros clientes más importantes del sector financiero y bancario de Latinoamérica. - Ejecutar pruebas de seguridad en aplicaciones (Front-end, Back-end, APIs, bases de datos, integraciones, infraestructura, cloud, móviles, AI/LLM, plugins y componentes adicionales). - Validar el cumplimiento de requerimientos no funcionales de seguridad definidos por Arquitectura. - Acompañar y dar soporte al Secure Software Development Life Cycle (SSDLC). - Definir y documentar casos de prueba de seguridad previos a la ejecución, alineados a los estándares establecidos. - Clasificar vulnerabilidades utilizando la metodología CVSS 4.0. - Generar informes técnicos detallados con hallazgos, evidencias y recomendaciones de remediación. - Elaborar reportes ejecutivos y métricas de cumplimiento para stakeholders técnicos y de negocio. - Entregar habilitantes para la gestión y cierre efectivo de vulnerabilidades. - Realizar seguimiento a la efectividad de remediaciones implementadas. - Brindar soporte en incidentes de seguridad, eventos de Bug Bounty y actividades de threat hunting. - Verificar matrices de riesgo con enfoque en factor ciberseguridad. - Incluir lineamientos de seguridad en iniciativas de Tribus, COEs y proyectos estratégicos. - Implementar mecanismos de monitoreo y alertas para identificar desvíos o incumplimientos. - Promover mejora continua, innovación y agilidad operativa desde la perspectiva de Seguridad Aplicativa. - Apoyar la ejecución de estrategias definidas por el área de Seguridad Aplicativa. Qualifications - Título universitario en Ingeniería de Sistemas, Informática o Ciberseguridad. - Postgrado en Ciberseguridad o Tecnologías de la Información. - Certificaciones en seguridad ofensiva o aseguramiento de aplicaciones (HTB CWES, HTB CPTS, eWPTX, CSSLP, CPENT, OSCP, OSWE, LPT, CEH Master, BSCP). Requirements - Experiencia comprobable en Secure Software Development Life Cycle (SSDLC). - Experiencia validando requerimientos no funcionales de seguridad. - Experiencia ejecutando pruebas de seguridad en: - Aplicaciones Front-end y Back-end - APIs e integraciones - Bases de datos - Infraestructura y entornos Cloud - Aplicaciones móviles - AI / LLM - Plugins y componentes adicionales - Manejo de la calculadora CVSS 4.0 para clasificación de vulnerabilidades. - Experiencia generando informes técnicos y ejecutivos con recomendaciones de remediación. - Experiencia en gestión y seguimiento de vulnerabilidades. - Documentación estructurada de casos de prueba y validación de efectividad. - Experiencia trabajando bajo metodologías ágiles. - Experiencia en plataformas y sistemas bancarios. - Experiencia brindando soporte en incidentes de seguridad y programas Bug Bounty. - Conocimiento en matrices de riesgo con enfoque en ciberseguridad. - Capacidad para generar métricas, indicadores y reportes ejecutivos. - Experiencia implementando mecanismos de monitoreo y alertas de cumplimiento. - Experiencia colaborando con Tribus, COEs y áreas de negocio desde Seguridad Aplicativa. Benefits - Contrato estable a largo plazo, con amplias oportunidades de crecimiento profesional. - Seguro médico privado para tu tranquilidad y la de tu familia. - Programas continuos de capacitación, mentoría y aprendizaje, para mantenerte actualizado/a en las últimas tecnologías y metodologías. - Acceso gratuito a recursos de formación en inteligencia artificial y herramientas de IA de última generación para potenciar tu trabajo diario. - Política flexible de tiempo libre remunerado (PTO), además de los días festivos pagos. - Participación en proyectos de software desafiantes y de clase mundial para clientes en Estados Unidos y Latinoamérica. - Colaboración con algunos de los ingenieros de software más talentosos de la región, en un entorno diverso, inclusivo y colaborativo.
Senior Security Engineer
DigitalOceanThe cloud ☁️ of choice for developers, startups, and growing digital businesses around the world.
• Architect and lead the implementation of an Integrated Management System (IMS) • Manage cross-functional projects for compliance certifications • Lead annual and ad-hoc risk assessments • Author and maintain enterprise-level security policies
• Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production. • Systematically, consistently and automatically capture the risk exposure of Chainguard's products. • Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign). • Proactively identify emerging customer security needs, and build solutions to meet these. • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS. • Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimising attack surface across our product stack. • Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management. • Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.
• Design, build, and maintain secure CI/CD pipelines with security gates that catch issues before they reach production. • Systematically, consistently and automatically capture the risk exposure of Chainguards products. • Implement and enforce software supply chain security controls: signed artifacts, SBOMs, provenance attestation (SLSA, Sigstore / Cosign). • Proactively identify emerging customer security needs, and build solutions to meet these. • Lead security architecture reviews and threat models for Kubernetes-based workloads running on GCP and AWS. • Harden container images, Kubernetes cluster configurations, and cloud IAM postures — minimising attack surface across our product stack. • Define and drive adoption of baseline security standards: pod security standards, network policies, workload identity, secrets management. • Evaluate and operationalise CNAPP / CSPM tooling to maintain continuous visibility into cloud-native risk.
