IT's that simple.
Backoffice Information Security Associate – all genders
Location
Germany
Posted
1 day ago
Salary
0
Seniority
Mid Level
Job Description
Backoffice Information Security Associate – all genders
DATAGROUP
• Creation, development and automation of reports and analyses in the field of information security • Support in preparing reports, documentation and tracking of actions in IT security and emergency management • Coordination and monitoring of vulnerabilities, malware reports and security incidents • Research and assessment of current cyber threats and support in risk analyses (Threat Intelligence) • Monitoring schedules, deadlines and security-related measures • Preparation and follow-up of meetings, including minute-taking • Supporting the Information Security Officers and the team lead in day-to-day operations
Job Requirements
- Completed IT vocational training or a degree, e.g., in Computer Science, Business Informatics or a comparable field
- Strong IT affinity and interest in information security topics
- Some practical experience in information security, IT compliance or risk management is an advantage
- Basic knowledge of IT infrastructure and ideally in networking and/or firewall technologies
- Structured, careful and independent working style
- Very good German skills (at least C1 level), and good spoken and written English
Benefits
- An exciting and varied role in a successful and growing company
- A trusting working atmosphere with flat hierarchies and an informal first-name culture in a team of friendly, helpful colleagues
- Support for work–life balance through family-friendly flexible working hours and the option to work remotely (e.g., from home)
- Modern, well-equipped office space
- Central location with good transport links by train, bus and car, including free parking
- Support for personal and professional development through, for example, internal training, JobRad (company bike leasing), employer contribution to the Deutschlandticket, access to Corporate Benefits, an employee fan shop, contribution to the company pension scheme, and more
- Promotion of departmental and company-wide team spirit through regular company events such as summer parties and Christmas celebrations, as well as sponsorship of employees’ participation in sporting events (e.g., HafenCityRun in Hamburg)
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Role Description We are looking for a hands-on Security Automation Engineer and builder who thrives on creating automated, secure cloud environments and scaling security operations. You will design and maintain infrastructure-as-code, cloud security automations, and modern security tooling — with a strong focus on AWS, Splunk Enterprise Security, Splunk SOAR, and Okta Identity. This role combines deep cloud infrastructure expertise with security orchestration and identity management to strengthen our overall defensive posture. Key Responsibilities - Design, develop, and maintain automation frameworks and scripts (Python, Bash, Terraform) to streamline security processes and workflows. - Deploy and manage secure, scalable infrastructure on AWS using Terraform via Scalr and Harness, with additional presence in GCP and Azure. - Build, support, and optimize AWS Step Functions, Lambda, and EventBridge workflows from a centralized tooling account that operates across multiple spoke accounts in the AWS Organization. - Maintain Kubernetes clusters using Helm charts, including in-house security automations on pods that integrate with CSPM tools and Jira ticketing processes. - Develop and enforce cloud security guardrails using OPA, Guardrails, Service Control Policies (SCPs), IaC security gates, and tag policies. - Architect, build, and maintain Splunk Enterprise Security (ES) integrations, including onboarding log sources, managing indexes, tuning correlation searches, and configuring automated response actions. - Design and implement Splunk SOAR playbooks to automate security tasks, reduce Mean Time to Respond (MTTR), and scale SOC capabilities. - Serve as the subject matter expert for Okta Identity Engine (OIE) — building and managing scalable SSO policies, modern authentication (SAML/OIDC), and identity lifecycle processes. - Leverage AWS security services (GuardDuty, Macie, IAM, Control Tower, KMS, CloudTrail, EventBridge) to build event-driven automations for threat detection and response. - Own the in-house Jira management process for CSPM findings and the supporting data pipeline that feeds AWS QuickSight dashboards. - Collaborate with cross-functional teams (Dev, Platform, Security, and SOC) to integrate security automation into CI/CD pipelines and shift security left. - Conduct risk assessments, enforce security best practices, and continuously improve our defensive posture through automation and tooling. - Monitor, troubleshoot, and optimize cloud infrastructure and security systems to ensure high availability, performance, and compliance. - Stay current with AWS best practices, security trends, and emerging technologies to drive continuous improvement. Qualifications - 10+ years of experience. - Strong hands-on experience with: - Terraform, Kubernetes (EKS + Helm), Docker, and scripting in Python & Bash - AWS services including Step Functions, Lambda, EventBridge, GuardDuty, Macie, IAM, Organizations, and QuickSight - Policy-as-code tools (OPA, Guardrails, SCPs) and IaC security scanning - Splunk Enterprise Security (ES) administration, log onboarding, correlation search tuning, and automated responses - Splunk SOAR playbook development and automation - Okta Identity Engine (OIE), SSO, SAML, and OIDC protocols - Proven ability to work independently with minimal supervision while collaborating effectively with cross-functional teams and providing technical guidance. - Experience designing automation solutions that reduce MTTD and MTTR. - Solid understanding of cloud security principles, compliance frameworks, and secure infrastructure design. Preferred Qualifications - Experience with Scalr, Harness, or similar IaC deployment platforms. - Familiarity with GCP and/or Azure cloud environments. - Prior experience integrating security tools with Jira and building data pipelines for visualization (QuickSight or similar). - Security certifications (AWS Security Specialty, CKS, Splunk-related certifications, or Okta certifications) are a plus. Compensation The expected salary range for this role is $162,000.00 - $190,000.00 USD. The actual base pay offered will be determined by factors such as the candidate's relevant experience, education, geographic location, and internal equity.
Principal Architect - Digital Risk and Resilience
United AirlinesUnited Airlines is a publicly-traded, global airline operating over 4,500 flights every day to more than 335 airports on five continents. In the past, the company has supported fle
Role Description Connecting People. Uniting the World. There’s never been a more exciting time to join United Airlines! As a global company that operates in hundreds of locations around the world — with millions of customers and tens of thousands of employees — we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly. We’re on a path to becoming the best airline in aviation history. Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety, security and resilience. United's CDR team plays a critical role in protecting our operations by enabling secure and resilient systems, managing threats and vulnerabilities, and ensuring swift response and recovery. Our mission is to seamlessly embed cybersecurity and digital risk management into every aspect of our business. The Principal Architect – Digital Risk and Resilience is part of a Cybersecurity team that shapes how the enterprise makes risk-informed decisions across technology, operations, and the business. This role drives high-visibility, cross-functional work to integrate Digital Risk Management with partners in Cybersecurity and Digital Risk, Digital Technology, and business owners of risk, helping the enterprise identify, assess, and govern systemic digital risk across critical operational capabilities. - Lead enterprise-level integration of Digital Risk Management with partners across Cybersecurity and Digital Risk, Digital Technology, and the business. - Design, implement, and mature monitoring, visibility, and response-readiness capabilities. - Establish and evolve the enterprise resilience program by defining key resilience indicators. - Develop practical models, methods, and frameworks for evaluating systemic digital risk. - Improve risk prioritization and decision support at scale by partnering with technical and business stakeholders. - Assess and integrate emerging systemic risk drivers into enterprise governance and resilience planning. - Conduct structured failure simulation and systemic stress testing to assess resilience across critical capabilities. Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Engineering, Risk Management, or a related field. - 5+ years of experience in cybersecurity, digital risk, operational resilience, business continuity, technology risk, or related disciplines. - Experience applying governance, risk, and compliance concepts and enterprise risk management practices. - Knowledge of digital resilience, operational resilience, and business continuity concepts. - Working knowledge of relevant technology domains such as cloud, software development, data platforms, identity, infrastructure, integrations, and security architecture concepts. - Skill in building practical risk and resiliency models. - Experience designing or operationalizing monitoring, metrics, or governance mechanisms. - Ability to lead change through influence and communicate complex concepts clearly. - Strong problem solving, critical thinking, interpersonal, collaboration, written, and verbal communication skills. - Must be legally authorized to work in the United States for any employer without sponsorship. - Successful completion of interview required to meet job qualification. - Reliable, punctual attendance is an essential function of the position. Requirements - Master's degree in Cybersecurity, Information Technology, Engineering, Risk Management, or a related field (Preferred). - Certification such as CISA, CRISC, CISSP, or CISM (Preferred). - Experience with operational resilience, dependency mapping, enterprise risk governance, or critical service resiliency (Preferred). - Expert knowledge of governance, risk, and compliance concepts and enterprise risk management practices (Preferred). - Knowledge of emerging risk drivers, including AI risk management and AI governance practices (Preferred). - Knowledge of recognized resilience risk management frameworks (Preferred). Benefits - Medical, dental, vision, life, accident & disability insurance. - Parental leave. - Employee assistance program. - Commuter benefits. - Paid holidays and paid time off. - 401(k) plan. - Flight privileges.
Product Cybersecurity Architect
Bausch+Lomb Companies Inc.Bausch + Lomb (NYSE/TSX: BLCO) is a leading global eye health company dedicated to protecting and enhancing the gift of sight for millions of people around the world—from the moment of birth through every phase of life. Our mission is simple, yet powerful: helping you see better, to live better. Our comprehensive portfolio of over 400 products is fully integrated and built to serve our customers across the full spectrum of their eye health needs throughout their lives. Our iconic brand is built on the deep trust and loyalty of our customers established over our 170-year history. We have a significant global research, development, manufacturing and commercial footprint of approximately 13,000 employees and a presence in approximately 100 countries, extending our reach to billions of potential customers across the globe. We have long been associated with many of the most significant advances in eye health, and we believe we are well positioned to continue leading the advancement of eye health in the future.
Role Description Join the Surgical R&D organization in a role where you will help ensure the cybersecurity, safety, and reliability of innovative surgical products that support patient care. In this position, you will be responsible for embedding secure-by-design practices throughout the product lifecycle while partnering with engineering, quality, regulatory, and corporate security teams to deliver compliant and resilient solutions. This is a strong opportunity for someone who brings deep product security expertise, strong cross-functional collaboration skills, and a passion for advancing cybersecurity within a regulated medical device environment. What You'll Do - Architect and implement a consistent cybersecurity strategy across surgical capital equipment product lines to establish a scalable and secure product ecosystem. - Embed secure-by-design principles throughout the product lifecycle, providing guidance on secure architecture, threat modeling, design controls, cryptography, and secure communication protocols. - Lead execution of cybersecurity requirements across development programs, ensuring alignment with regulatory expectations, corporate standards, and product quality objectives. - Coordinate vulnerability management activities, including intake, triage, risk assessment, remediation tracking, and documentation of product security issues through closure. - Serve as the Surgical R&D cybersecurity representative for vulnerability disclosure and incident response activities, supporting investigations, impact assessments, root cause analyses, and remediation efforts. - Partner with engineering teams to implement security testing practices, including SAST, DAST, SCA, penetration testing, and automated security controls within development pipelines. - Support supplier and third-party security initiatives by defining security requirements, managing software supply chain risks, and maintaining Software Bill of Materials (SBOM) processes. - Collaborate with Quality, Regulatory Affairs, IT, and Corporate Product Security teams to ensure compliance with evolving cybersecurity regulations and industry standards while enabling efficient product delivery. Qualifications - Bachelor's degree in Engineering, Computer Science, Cybersecurity, or a related technical discipline. - 7+ years of experience in product security, application security, medical device cybersecurity, or software security within a regulated environment. - Demonstrated experience supporting or leading cybersecurity activities for medical device or other regulated product development programs. - Strong communication, collaboration, stakeholder management, and problem-solving skills. - Ability to translate technical cybersecurity risks into clear, actionable guidance for engineering, quality, and regulatory stakeholders. Requirements - Strong expertise in secure product design, threat modeling, vulnerability management, and secure software development practices. - Working knowledge of connected device security, embedded systems, and software-enabled product architectures. - Experience with security testing tools and methodologies, including SAST, DAST, SCA, and penetration testing. - Understanding of software supply chain security practices, including SBOM development and third-party risk management. - Experience working across cross-functional and global teams to drive cybersecurity outcomes and influence stakeholders without direct authority. - Knowledge of secure development lifecycle (SDLC) frameworks, vulnerability disclosure processes, and product incident response activities. - Familiarity with cybersecurity governance, risk assessment, and compliance processes within regulated industries. Preferred - Advanced degree in Cybersecurity, Computer Science, Engineering, or a related field. - Relevant industry certifications such as CISSP, CSSLP, OSCP, GWAPT, or equivalent. - Experience in medical device, healthcare, or other regulated industries, and/or working within a quality-managed or GxP regulated environment. - Working knowledge of medical device cybersecurity regulations and standards (e.g., FDA premarket/post market guidance, IEC 81001-5-1, AAMI TIR57, UL 2900, NIST frameworks). - Experience developing cybersecurity documentation to support regulatory submissions and audits. Benefits - Eligible for short-term and/or long-term incentives. - Medical, dental, vision insurance, disability and life insurance. - 401(k) plan and company match. - Tuition reimbursement program (select degrees). - Company holidays and well-being benefits. - Eligible for sick time, floating holidays, and paid vacation.
• design, develop, manage, and maintain secure platforms • analyze existing cloud structures and create new and enhanced security methods • responsible for managing, configuring, finetuning and deploying technical controls to enhance security and reduce risks • leverage resources to engineer solutions which supports both IT and security controls • stay informed on current threats and proactively probe the enterprise for potential vulnerabilities and develop mitigation plans



