Security Engineering Consultant (mfx)

• Improving the security culture through training and coaching of administrators, software engineers, managers, and product owners with practical tasks in offensive security as well as Security by Design and Secure Coding.
• Development, review, and update of specific guidelines and support materials including concrete practical activities and tools based on relevant information security policies.
• Identification of potential security risks and forwarding them to the necessary authorities.
• Support and advise the product organization to ensure that all relevant security requirements are integrated into products and conducting vulnerability assessments and risk analyses.
• Close cooperation and working together with the internal Security Operation Center as well as collaboration with development teams to integrate security measures, security tests, and acceptance criteria.
• Promoting a culture of proactive vulnerability prevention and remediation within the product organization and implementation of best practices in vulnerability management.
• Ensuring control and coordination for the remediation of identified vulnerabilities through close collaboration with the product organization as well as providing suitable KPIs and product-specific dashboards and reports.
• Close partnership with our infrastructure teams, information security governance teams and colleagues from the REWE Digital.
• Supporting an open feedback culture and a forward‑looking error culture (learning organization).
• Design evaluation and further development of software and infrastructure architectures and documentation (e.g., according to arc42) from a security perspective for IT and cloud systems.

• At least 3-5 years of relevant professional experience in technical security consulting, infrastructure security, cloud security, and application security.
• In‑depth knowledge of IT and security architecture; experience with arc42 or comparable architecture frameworks is a plus.
• Successfully completed studies in computer science, information security, IT security, cybersecurity or comparable qualifications.
• Experience in solving problems and conflicts in complex corporate structures.
• Knowledge of frameworks and standards: ISO 27001, CRA, NIS2, TOGAF.
• Pentesting skills specific to OT and IoT with industry certifications (CISSP, CISM, OSCP, GIAC, etc.) are a plus.
• Technical expertise in infrastructure security, cloud security, and application security as well as expertise in threat modelling, code review, and reviewing architecture concepts regarding security.
• Knowledge of at least one scripting language (e.g., Perl, Python, PowerShell).
• A precise and responsible entrepreneurial mindset and reliability are among your strengths.
• Ability to learn and adapt to new technologies quickly and strong analytical and conceptual skills.
• Very good presentation and moderation skills.
• Highly proficient in spoken and written English and a willingness to learn German.

• Long‑term interesting and varied work for a reliable employer in a supportive team.
• A family‑friendly company culture with flexible working hours and remote working options available.
• Staff shopping and travel discounts.
• Numerous training and further development opportunities within the Group (5 % of working time for self‑organized training and education).
• On‑site parking.
• A lunch allowance.
• A market‑compliant attractive and performance‑related annual gross salary from €70 000 with the willingness to overpay with appropriate experience and qualifications.

No

Full‑time

• ISO 27001
• B2B Sales
• SafeNet
• IDS
• Risk Management
• PCI
• NIST Standards
• Salt
• Information Security
• Customer relationship management
• Encryption
• FISMA

years

1

We promote a diverse and inclusive work environment. Therefore we welcome applications from people of different gender, age, cultural or social background, sexual identity, and applications from people with disabilities. In addition we would like to increase the proportion of women in technical professions and are particularly pleased to receive applications from women for this position.