Job
- Level: Experienced
- Job Field: IT, Security
- Employment Type: Full Time
- Contract Type: Permanent employment
- Location: Berlin, Frankfurt
- Working Model: Hybrid, Onsite
Job Summary
In this role, you will oversee platform security, conduct threat modeling, and implement security standards such as ISO 27001 while ensuring compliance requirements and establishing zero-trust architectures.
Your role in the team
- At GRAYOAK, you work on challenging software projects in the fields of Data, AI, and modern platform architecture.
- In interdisciplinary teams, we develop scalable enterprise solutions and support their implementation from architecture to production operation.
- In this role, you are responsible for the security of our platforms, implementing Security-by-Design, and ensuring that our solutions meet the highest compliance and security standards - especially in demanding, regulated client projects.
- Your focus is on Threat Modeling, implementing compliance standards (ISO 27001, BSI C5, IEC 62443), and developing Zero-Trust concepts for Cloud and On-Premise environments.
- You specifically use Generative AI for Spec-driven Development — as a tool you don't blindly trust, but critically scrutinize with engineering understanding.
- Implementation and maintenance of security measures in applications and cloud infrastructure (Azure)
- Threat modeling, integration of SAST/DAST, and coordination of penetration tests
- Implementation of compliance requirements (ISO 27001, BSI C5, IEC 62443, KRITIS)
- Development of Secrets Management, Key Vault, and Zero-Trust Concepts
- Management of audit logging, SIEM, and incident response processes
- Security reviews and training for the development team
- Support for external security audits and penetration tests
This text has been machine translated.
Our expectations of you
Education
- Completed degree in Computer Science, IT Security, or a comparable qualification
Qualifications
- Deep knowledge of Security Services for On-Premise and Cloud solutions
- In-depth knowledge in the field of network security
- Proficient in common security frameworks (OWASP Top 10, NIST CSF, MITRE ATT&CK)
- Fluent in German and English, both written and spoken.
- Certifications such as CISSP, OSCP, or Azure Security Engineer Associate
- Scripting in Python, PowerShell or Bash
- Background in Red Teaming or Bug Bounties
Experience
- Several years of experience in IT security with a clear focus on cloud environments.
- Extensive experience with IAM, OAuth 2.0, OIDC, and Zero-Trust architectures.
- Experience with KRITIS or security standards such as IEC 62443.
- Experience with container and Kubernetes security (Falco, Trivy, Kyverno)
What we offer
- Ready to start from Day 1 with IT equipment and a cool GRAYOAK merchandise package.
- Work hybrid - in the office or from home - and adapt your working hours flexibly to your life situation.
- Modern offices in central locations in Frankfurt am Main or Berlin, ideally connected and comfortably designed.
- Seize the opportunity to gain hands-on experience in exciting projects and further develop your skills.
- Look forward to regular team events, afterworks, and networking opportunities to become part of our vibrant corporate culture.
This is your employer
GRAYOAK
GRAYOAK provides comprehensive consulting in digital transformation and supports companies in implementing innovative technologies. Their focus is on the sustainable integration of solutions into existing organizations.
Description
- Company Type: Established Company
- Working Model: Hybrid, Onsite
- Industry: Consulting