Description
Cyber Security Specialist (f/m/x)
102896
Full time, close to full time
35-39 hrs./week
Neuherberg near Munich
Partial Home Office possible
At Helmholtz Munich, we develop groundbreaking solutions for a healthier
society in a rapidly changing world. We believe that diverse perspectives drive
innovation. Through strong partnerships, we accelerate the transfer of new
ideas from the lab to real-life applications, improving lives.
Your work provides the foundation for scientific discoveries with real
impact, shaping the future of health.
Helmholtz Digital Services for Science (HIFIS) aims to provide excellent,
seamlessly accessible IT services for the whole Helmholtz Association.
Your work will help both Helmholtz Munich and HIFIS to secure the foundation
for scientific discoveries with real impact, shaping the future of health.
Your tasks
- You will collaborate closely with partners in the Helmholtz Association and
HIFIS (Helmholtz Digital Services for Science) to design, develop, and implement
comprehensive security solutions across the cloud federated services
architecture used at Helmholtz sites and partner organizations.
- You will assess and continuously monitor the current security posture of
Helmholtz Munich’s infrastructure (including network, storage solutions,
virtualization platforms, and high-performance computing systems) and recommend
improvements in design and implementation aimed at strengthening the overall
security posture of the center.
- You will assess the application security posture, offering guidance on
integrating secure coding practices, performing threat modelling and code
reviews, and embedding security throughout the software development lifecycle
for both in-house and third-party applications.
- You will evaluate policies, standards, procedures and recommendations to
enhance adherence to national and international security standards and
frameworks (e.g., ISO/IEC 27001, BSI C5, BSI IT-Grundschutz), ensuring
regulatory compliance and security best practices.
- You will collaborate with internal and external stakeholders to proactively
identify, assess, and mitigate security risks through risk management processes,
including threat modelling and risk assessment.
- You will support incident response activities, vulnerability management, and
forensic investigations, helping to minimize impact and strengthen defenses.
- You will provide technical guidance, training, and awareness programs to
colleagues and partners on security best practices, emerging threats, and
compliance requirements, fostering a strong security culture across the
organization.
Your profile
- Bachelor's or master's degree in computer science, computer engineering,
cybersecurity or a related field and relevant security certifications (e.g.,
OSCP, CCSP, CISSP, CISM) from a university with internationally recognized
quality standards.
- Good understanding of networking, storage, cloud computing, virtualization,
and application technologies, and their associated security principles and
controls.
- Interest in Identity and Access Management (IAM) and Single Sign-On (SSO)
technologies (such as SAML, OAuth 2.0, OpenID Connect, and similar standards),
including designing and implementing secure authentication and authorization
systems.
- Interest in application security, including secure software development
lifecycle (SSDLC), vulnerability assessment, code review, and mitigation of
common vulnerabilities (e.g., OWASP Top 10).
- Familiarity with firewalls, intrusion detection/prevention systems
(IDS/IPS), Security Information and Event Management (SIEM) tools,
endpoint/server protection solutions, and encryption technologies.
- Familiarity with open-source tools applicable for securing corporate
environments.
- Familiarity with security frameworks and standards such as the NIST
Cybersecurity Framework (CSF), ISO 27001, BSI C5, BSI IT-Grundschutz, and
similar regulatory requirements.
- Ability to perform security risk assessments, threat modelling, and develop
risk mitigation strategies within complex technical environments.
- Good problem-solving skills, with the ability to communicate complex
security concepts clearly to both technical and non-technical stakeholders at
all levels.
We value passion and potential!
So please consider applying even if your experience does not match every line
of the description.
If you fulfill all the requirements, you may be eligible for a salary grade
of up to E 13. Social benefits are based on the Collective Wage Agreement for
Public-Sector Employees (TVöD). The position has an (initial) fixed term until
31.12.2028 but may be extended under certain circumstances.
Managing Director Mike Frieser:
"We believe that diversity is the key to groundbreaking research and
innovative solutions. Our flexible working models and remote options create a
supportive environment for balancing work and family life. For us, contributing
to a healthier society in such an inspiring workplace is truly meaningful."
Get to know us
Benefits
- Family Support
On-site kindergarten, holiday care, care for the elderly
- Health Promotion
Sports, company doctor, mental health initiatives
- Personal Development
Comprehensive in-house training and development opportunities
- Recreation
30 days annual leave, flexi days, plus public holidays
- Retirement Provision
Company pension plan
- Work-Life-Balance
Flexible working hours and flexi-time models
Interested in applying?
If you have any questions, feel free to contact Dr. Alf Wachsmann, +49 89
31872488, who will be happy to help.