Expert Cyber Security Consulting (m/f/x)

• Improving the security culture through training and coaching of administrators, software engineers, managers, and product owners with practical tasks in offensive security as well as Security by Design and Secure Coding.
• Development, review and update of specific guidelines and support materials including concrete, practical activities and tools based on relevant information security policies.
• As part of your work, you identify potential security risks and forward them to the necessary authorities.
• Support and advise the product organization to ensure that all relevant security requirements are integrated into products and conducting vulnerability assessments and risk analyses.
• Close cooperation and working together with the internal Security Operation Center as well as collaboration with development teams to integrate security measures, security tests, and acceptance criteria.
• Promoting a culture of proactive vulnerability prevention and remediation within the product organization and implementation of best practices in vulnerability management.
• Ensuring control and coordination for the remediation of identified vulnerabilities through close collaboration with the product organization, as well as providing suitable KPIs and product-specific dashboards and reports.
• You work in close partnership with our infrastructure teams, information security governance teams and colleagues from the REWE Digital (DE).

• At least 3-5 years of relevant professional experience in technical security consulting, infrastructure security, cloud security and application security
• Successfully completed studies (computer science, information security, IT security, cybersecurity) or comparable qualifications
• Pentesting skills, specific OT and IoT Knowledge and industry certifications (CISSP, CISM, OSCP, GIAC, etc.) are considered as a plus
• In-depth knowledge of IT and security architecture, experience with arc42 or comparable architecture frameworks are considered a plus
• Experience in solving problems and conflicts in complex corporate structures
• Knowledge of frameworks and standards: ISO27001, CRA, NIS2, TOGAF
• Technical expertise in infrastructure security, cloud security und application security as well as expertise in threat modeling, code review and reviewing architecture concepts regarding security
• A precise, responsible, entrepreneurial mindset and reliability are among your strengths
• Ability to learn and adapt to new technologies quickly and strong analytical and conceptual skills
• Very good presentation and moderation skills
• Language skills: English: B2 (confident verbal and written communication in a professional context) and willingness to learn the local language

• Long-term, interesting and varied work for a reliable employer in a supportive team
• A family-friendly company culture with flexible working hours and remote working options available according to your individual needs
• Staff shopping and travel discounts
• Numerous training and further development opportunities within the Group (5% of working time for self-organized training and education)
• Easy public access 
• A wide variety of tasks combined with the flexibility you need to plan your personal life
• A lunch allowance
• An industry-standard, attractive and performance based annual gross salary starting at 70.000 Euro (on a full-time basis) with the possibility of higher pay according to experience and qualifications

No matter where you are in your career, we have a path for you. Whether you’re looking for your first job, advancement in your field, or a new career shift. We’re proud to employ great people who are passionate about their jobs. But they’re all different. No matter who you are, what you need and where you’re going, REWE Group can be a part of it. Apply now!

Please upload your resume to give us insight of your work experience - anonymously if you like!

We promote a diverse and inclusive work environment. Therefore, we welcome applications from people of different gender, age, cultural or social background, sexual identity and applications from people with disabilities. In addition, we would like to increase the proportion of women in technical professions and are particularly pleased to receive applications from women for this position.