Career

SecureIO is a young consulting company based in Munich. Our focus is on cyber security, GRC & information security, and data protection. We see ourselves not simply as a service provider, but as a strategic partner for our clients. The basis of our success is our team, which consists of competent and creative people who are passionate about our client projects and create sustainable added value together. We work in flat hierarchies and at eye level, enabling work-life balance and life diversity!

What awaits you 

You help us with automation in the area of application security / DevSecOps on behalf of customers and contribute to the expansion of a secure software development lifecycle, both in an advisory capacity for other teams and hands-on in your toolset. You are familiar with typical vulnerabilities (at least OWASP TOP 10) and can support teams in dealing with them correctly.

Furthermore you

• Do you support the creation of scripts for the processing of vulnerability data (e.g. creation and automation of reports, integration with threat intelligence data, linking of data from different tools)?
• Do you know at least Python, ideally also basic Java, SQL, and Javascript (Typescript)?
• Do you help to better understand vulnerabilities in applications and containers and to be able to assess possible effects?
• Support the architectural integration of scanning and secure design tools in CI/CD processes in an advisory capacity
• You analyze and optimize processes for processing and evaluating vulnerability data and develop and test new suggestions and ideas for improvement.
• You write help and best practices for dealing with tools or vulnerabilities (knowledge base).
• You help to select suitable security tools for our customers and carry out proofs-of-concept with tool manufacturers.
• Do you follow the developments in the industry and work with modern best practices and tools and bring your knowledge back to the security and software teams?
• Are you able to work hands-on on Linux servers and perform simple administrative tasks?

If interested:

• You represent secureIO with presentations at conferences, etc.
• You create and publish articles on your topic on our blog or in other publications.

What you bring

• 3-5 years of experience in the IT sector with a background in either software development, server administration, or penetration testing, of which at least 1 year in the field of security.
• Good knowledge of scripting (especially Python), at least basic knowledge of Linux and Java
• Understanding of vulnerability analysis and knowledge of typical application vulnerabilities (e.g. OWASP Top 10, CWE 25)
• Ideally knowledge of typical security testing tools (dynamic application security testing, static application security testing)
• First contact with cloud (AWS) and containers
• Interest in automating and improving processes
• Curiosity and willingness to learn and evolve
• Ability to develop good solutions with different stakeholders
• Strong analytical skills
• Proactive approach and experience with agile teams
• Good communication skills
• Good German and English language skills

What we offer

• Mobile working: location-independent working (e.g. in the home office)
• Flexible working models and hours
• 30 days holiday and special leave
• Possibility to take a sabbatical
• Fixed salary without variable component
• Minimal travel
• Opportunity-rich, international working environment
• Further training measures to promote personal strengths and the targeted development of professional competence
• Corporate culture that promotes working at eye level
• Flat hierarchies, but clear roles and responsibilities
• Opportunity to participate in the development of the company and to contribute expertise and interests to internal issues (e.g. OKRs)

Please be aware that candidates need to be based in or relocate to Germany. 

secureIO is a young consulting company based in Munich. Our focus is on cyber security, GRC & Information Security, and Data Protection. We see ourselves not simply as a service provider, but as a strategic partner for our customers. The foundation of our success is our team, which consists of competent and creative people who are passionate about our customer projects and love to create value together. We work in flat hierarchies and at eye level, enabling work-life balance and diversity! 

What awaits you 

You will help us automate application security / DevSecOps activities on behalf of customers and contribute to the expansion of a secure software development lifecycle, both in an advisory capacity for other teams and hands-on in your toolset. You are familiar with typical vulnerabilities and can support teams in dealing with them properly, maintaining the current toolset, and driving forward the overall tooling strategy. 

Furthermore you 

• support with the creation of scripts to process vulnerability data (e.g. creation and automation of reports, integration with threat intelligence data, linking data from different tools) and support hands-on in the central administration of security tools. 
• are at least familiar with Python, ideally also with Java, SQL, and JavaScript (Typescript) 
• help application teams to better understand vulnerabilities in applications and containers and help them to assess possible impacts 
• provide consulting support for the architectural integration of scanning and secure design tools into CI/CD processes 
• analyze and optimize processes for processing and evaluating vulnerability data and develop and test new suggestions and ideas for improvement 
• write help and best practices for the handling of tools or vulnerabilities (knowledge base) 
• assist in the selection of appropriate security tools for our customers and perform proofs-of-concept with tool vendors 
• follow the developments in the industry and work with modern best practices and tools and bring your knowledge back to the security and software teams to enable them to pick up security tasks on their own (knowledge transfer) 
• can work hands-on on Linux servers and perform simple administrative tasks to maintain a security toolset 

If interested: 

• You represent secureIO with presentations at technical conferences and the like. 
• You create and publish technical articles on your topic on our blog or in other publications. 

What you bring  

• 3-5 years of experience in IT with a background in either software development, server administration, or penetration testing, at least 1 year of which should be in the area of security. 
• Good knowledge of scripting (especially Python), at least basic knowledge of Linux and Java 
• Understanding of vulnerability analysis and knowledge of typical application vulnerabilities (e.g. OWASP Top 10, CWE 25) 
• Ideally knowledge of typical security testing tools (Dynamic Application Security Testing, Static Application Security Testing) 
• First contact with cloud (AWS) and containers 
• Interest in automating and improving processes 
• Curiosity and willingness to learn and evolve and provide guidance within your area of expertise to the team 
• Ability to develop good and practical solutions with different stakeholders 
• Strong analytical skills 
• Proactive approach and experience with agile team setups 
• Good communication skills 
• Very good English language skills, German a plus 

What we offer 

• Mobile working: location-independent working (e.g. home office) or possibility to work in our offices in Munich or Augsburg – must be based in Germany 
• Flexible working models and hours 
• 30 days of vacation and special leave 
• Possibility to take a sabbatical 
• Fixed salary without variable component 
• Minimal travel 
• Opportunity-rich, international working environment 
• Further training measures to promote personal strengths and targeted expansion of professional expertise 
• Corporate culture that promotes working at eye level 
• Flat hierarchies 
• Opportunity to participate in company development and help us grow as a team 

SecureIO is a young, dynamic consulting firm based in Munich. Our focus is on cyber security, GRC & information security, and data protection. We see ourselves not simply as a service provider, but as a partner to our customers. The basis of our success is our team, which consists of competent and creative people who are passionate about our client projects. For us, people count: we act according to our corporate values. We work in flat hierarchies and at eye level. We make it possible to reconcile work and family life. We live in diversity!

What awaits you

You support the implementation of exciting customer projects and develop solutions for complex tasks with which you contribute to the success of the project.

Your field of activity consists of the following tasks:

• You advise on the selection and planning of measures for the implementation of information security management systems (ISO/IEC 27000, especially ISO 27001, TISAX, IT-Grundschutz according to BSI).
• You advise on the selection and planning of measures for the implementation of information security requirements (e.g. DLP).
• You create protection analyses and concepts
• You create asset inventories and carry out risk assessments
• You design security areas and zones
• You support our customers in preparing for certification
• You prepare audits and assessments and accompany their implementation or carry them out independently
• You support the development and operation of information security management systems
• You integrate information security into system landscapes in cooperation with data protection specialists.
• You analyze, optimize, and digitalize security processes and assist in the further development of business processes by applying new technologies and best practices.
• You take on the mandate of the external information security officer for our customers
• You support certification bodies in carrying out certifications

If interested:

• You represent secureIO with presentations at conferences and the like.
• You create and publish professional articles on the topic of data protection

What you bring

• Certification as Information Security Officer, Auditor, and/or Lead Auditor
• Certification as a risk manager
• Experience in the application of the ISO/IEC 27000 series of standards, especially ISO 27001
• First professional experience in the area of information security (consulting, implementation/monitoring of audits, …)
• Know-how in the creation of technical and organizational concepts
• Knowledge in the creation of guidelines and process descriptions for information security
• Basic knowledge of relevant ISMS tools (e.g. Verinice)
• Ability to moderate and develop good and pragmatic solutions with different stakeholders
• Analytical skills
• Strong communication skills
• Fluent in German and English

A plus, not a must:

• Completed university studies (e.g. business informatics, computer science, business administration)
• Experience in data protection or quality management according to ISO/IEC 9000

What we offer 

• Mobile working: location-independent working (e.g. in the home office)
• Flexible working models and hours
• 30 days holiday and special leave
• Possibility to take a sabbatical
• Fixed salary without variable component
• Minimal travel
• Opportunity-rich, international working environment
• Further training measures to promote personal strengths and the targeted development of professional competence
• Corporate culture that promotes working at eye level
• Flat hierarchies, but clear roles and responsibilities
• Opportunity to participate in the development of the company and to contribute expertise and interests to internal issues (e.g. OKRs)

SecureIO is a young, dynamic consulting firm based in Munich. Our focus is on cyber security, GRC & information security, and data protection. We see ourselves not simply as a service provider, but as a partner to our customers. The basis of our success is our team, which consists of competent and creative people who are passionate about our client projects. For us, people count: we act according to our corporate values. We work in flat hierarchies and at eye level. We make it possible to reconcile work and family life. We live in diversity!

What awaits you

You support the implementation of exciting customer projects and develop solutions for complex tasks with which you contribute to the success of the project:

• You advise on the selection and planning of measures to implement data protection requirements (e.g. BDSG, DSGVO, TKG, TMG) and procedural recommendations (e.g. standard data protection model).
• You create data protection analyses, concepts, and other data protection documentation.
• You design technical and organizational measures.
• You prepare audits and assessments and support their implementation.
• You support the development and operation of data protection management systems.
• You integrate data protection into system landscapes in cooperation with information security specialists.
• You analyze, optimize, and digitalize data protection processes and assist in the further development of business processes through the application of new technologies.
• You take on the mandate of the external data protection officer for our customers. Y

If interested:

• You represent secureIO with presentations at conferences and the like.
• You create and publish professional articles on the topic of data protection.

What you bring

• Certification as a data protection officer or data protection auditor
• Experience in the application of legal requirements (e.g. BDSG, DSGVO, TKG, TMG) and procedural recommendations (e.g. standard data protection model)
• First professional experience in the field of data protection (consulting, conducting audits, as data protection officer, …)
• Know-how in the creation of technical and organizational concepts
• Ability to implement data protection legislation in a practical manner
• Knowledge in the creation of guidelines and process descriptions for data protection
• Ability to moderate and develop good solutions with different stakeholders
• Analytical skills
• Strong communication skills
• Fluency in German and English

A plus, not a must:

• Completed university studies (e.g. law, business informatics, business administration)
• Experience in information security or IT security technologies

What we offer 

• Mobile working: location-independent working (e.g. in the home office)
• Flexible working models and hours
• 30 days of vacation and special leave
• Possibility to take a sabbatical
• Fixed remuneration without variable component
• Minimal travel
• Opportunity-rich, international working environment
• Further training measures to promote personal strengths and targeted expansion of professional expertise
• Corporate culture that promotes working at eye level
• Flat hierarchies, but clear roles and responsibilities
• Opportunity to participate in company development and contribute expertise & interests to internal issues (e.g. OKRs)