(Senior) Product Security Manager (m/f/x) onsite / remote in Germany

• Full-time

Scalable Capital is a leading digital investment platform in Europe, empowering individuals to shape their financial futures. Our services include Scalable Broker, which facilitates professional investment in stocks, ETFs, and other exchange-traded products; Scalable Wealth, a digital wealth management service; and the European Investor Exchange (EIX), a stock exchange for retail investors. With over 27 billion euros held on our platform by more than one million clients, we are a significant player in the fintech space.

Founded in 2014, we employ more than 500 people across Munich, Berlin, Vienna, and London. Our team, led by Erik Podzuweit and Florian Prucker, is dedicated to developing innovative financial services. We value collaboration, integrity, and continuous learning, guided by our company values, which you can learn more about here.

We are seeking an experienced security leader to develop and lead our Product Security program. As the Product Security Manager, you will define secure-by-design strategies for all customer-facing products, oversee architecture reviews and penetration testing, and collaborate closely with engineering and DevOps teams to embed security throughout the development lifecycle. Your responsibilities will include roadmap planning, team development, and cross-functional communication.

1. Define and implement the product security roadmap, including design reviews, threat modeling, penetration testing, secure coding standards, and automation testing.
2. Lead and mentor a multidisciplinary team of security experts.
3. Conduct risk assessments and facilitate threat modeling workshops.
4. Establish and maintain product security playbooks, review checklists, and engagement models for engineering teams.
5. Coordinate vulnerability remediation efforts, providing updates to product teams and leadership.
6. Serve as the main point of contact for product squads regarding security reviews and guidance.
7. Promote a security champion network through workshops and sharing best practices to embed security by design in the SDLC.
8. Ensure compliance with relevant regulations and industry standards.

Qualifications include:

• 6+ years of experience in application or product security, with at least 2 years in a leadership role.
• Proven experience in secure development lifecycle practices, threat modeling, penetration testing, and vulnerability management.
• Strong understanding of cloud and application architectures, CI/CD pipelines, and offensive security techniques.
• Hands-on skills in code review, threat modeling, and penetration testing.
• Excellent leadership, project management, and stakeholder communication skills.
• Ability to communicate risks effectively to both technical and non-technical audiences.
• Knowledge of threat modeling frameworks, secure coding standards, and compliance requirements.
• Relevant certifications such as CISSP, CSSLP, OSWE/OSCP are advantageous.

Benefits include:

• Be part of a rapidly growing and innovative fintech startup impacting customers' lives.
• Work with an international, diverse, and inclusive team.
• Option to work from our offices in Munich or Berlin, or remotely within Germany.
• Access to the latest hardware and tools.
• Opportunities for learning, including knowledge sharing sessions and an education budget.
• German language classes and relocation support.
• Flexible vacation policy and the possibility to work abroad.
• Competitive compensation and company pension scheme.
• Monthly contribution of 25% for the ‘Deutschland Jobticket’.
• Complimentary PRIME+ Broker subscription, with no order commissions.