Penetration Tester

Penetration Tester Location: Frankfurt Our client is a large international organisation seeking a Penetration Tester to join their information security team. You will join the information security team, helping to ensure products and projects are delivered securely. Key Responsibilities: Plan, execute and track penetration tests, evaluating findings and proposing mitigation actions. Produce clear test reports and maintain statistics for reporting and tracking purposes. Provide technical support to security functions including SOC, risk management and architecture. Coordinate activities such as bug bounties, SAST, DAST, audits and vulnerability scanning. Contribute to secure coding training and awareness initiatives. Serve as the internal point of contact for all penetration testing queries and follow up on findings. Your Profile: Degree in Computer Science, Business Informatics or equivalent IT experience. At least 3 years of hands-on penetration testing experience. Solid understanding of the cyber threat and vulnerability landscape. Certifications such as CompTIA PenTest+, CEH, GPEN or OSCP are advantageous. Self-driven and results-oriented, with the ability to work independently. Advanced English proficiency; additional languages are a plus.

Information Security Lead Location: Munich Our client is looking for a seasoned security professional to lead and develop their organisation’s information security strategy. This role covers policy development, regulatory alignment, and oversight of security operations across multiple locations. The successful candidate will collaborate closely with senior leadership and report directly to the CISO. Key Responsibilities: Set the direction for the company’s overall information security strategy. Oversee a team managing core security functions and initiatives. Support risk identification and mitigation across systems and data. Ensure compliance with relevant regulatory and data protection requirements. Coordinate security incident response activities. Champion security awareness across the organisation. Act as a point of contact for external assessments and audits. Monitor emerging risks and recommend improvements. Candidate Profile: Extensive experience in cybersecurity, preferably in regulated sectors. Proven track record in leading teams and driving security programs. Working knowledge of recognised frameworks and standards. Strong understanding of risk, governance, and compliance. Effective communicator with senior stakeholder engagement experience. Fluent in German and English. Professional certifications (e.g. CISSP, CISM) are beneficial. What’s Offered: Competitive compensation with performance-related incentives. Hybrid working model in an international, collaborative environment. Ongoing support for professional growth and development.

Security Incident Manager Location: Frankfurt am Main - Hybrid A role that inspires you You will play a pivotal role in safeguarding critical ICT systems for a leading international organisation. In this strategic position, you will lead responses to major cyber incidents, strengthen incident management processes, and help shape the overall security posture of the organisation. This is an opportunity to work at the intersection of technology, risk, and strategy — protecting vital operations while collaborating with experts across security, IT, and risk functions. What you’ll be doing You will: • Lead and coordinate end-to-end responses to major security incidents, including detection, containment, eradication, recovery, and lessons learned. • Serve as the central escalation point for incidents, ensuring clear communication between technical teams, management, and external stakeholders. • Perform in-depth technical analysis of security events using SIEM, EDR, IDS/IPS, and threat intelligence tools. • Support forensic investigations, root cause analyses, and vulnerability assessments. • Develop and refine incident response playbooks, processes, and KPIs in line with ICT risk governance. • Conduct post-incident reviews and share best practices to enhance security awareness across the organisation. • Collaborate closely with risk management, compliance, and IT infrastructure teams to improve resilience and reduce risk exposure. Your work will directly influence how the organisation detects, responds to, and recovers from cyber threats, ensuring business continuity and trust. What you bring You are an experienced cyber security professional who thrives in high-stakes environments: • Degree in Computer Science, Information Security, or related field — or equivalent professional experience. • Several years of hands-on experience in cyber security operations, incident response, or SOC/CSIRT functions. • Strong technical knowledge of networks, operating systems, malware analysis, and modern attack techniques (e.g., APTs, ransomware). • Familiarity with regulatory frameworks such as ISO 27001, NIST, BAIT, or DORA is advantageous. • Exceptional problem-solving and decision-making skills under pressure. • Excellent communication skills in English; German proficiency highly valued. • Ability to operate effectively within a complex, international enterprise environment. What’s on offer • A strategic role at the heart of a leading international organisation. • Competitive compensation with performance-based bonuses and attractive benefits. • Hybrid working model offering flexibility and work-life balance. • A culture of innovation, collaboration, and continuous professional development. • Opportunities to work with cutting-edge security technologies and industry-leading experts. About the opportunity This position is being managed exclusively by MAM Gruppe, a specialist recruitment partner connecting world-class professionals with leading organisations across Europe. All applications are handled with the strictest confidentiality.

Cloud Security Architect (Multi-Cloud) Location: Frankfurt (Hybrid) Our client is seeking an experienced Cloud Security Architect to join a leading DAX 40 organisation headquartered in Frankfurt. In this strategic role, you will design and implement enterprise-grade security architectures across a multi-cloud environment (AWS, Azure, and GCP) supporting critical digital transformation initiatives. You will work closely with cloud engineering, DevOps, platform, and enterprise architecture teams to ensure cloud services are deployed securely, comply with regulatory standards, and align with enterprise security frameworks. Key Responsibilities: Design and implement secure cloud architecture patterns across AWS, Microsoft Azure, and Google Cloud Platform. Define and maintain cloud security reference architectures, guardrails, and best practices. Lead security architecture reviews for cloud-based applications and infrastructure. Implement Zero Trust, IAM, network segmentation, and workload protection strategies. Collaborate with DevOps teams to integrate security into CI/CD pipelines (DevSecOps). Establish and maintain cloud governance, policies, and compliance controls. Support implementation of security tools including CASB, CSPM, CWPP, and SIEM integrations. Conduct threat modelling and risk assessments for new cloud initiatives. Ensure compliance with GDPR, ISO 27001, NIST, and other regulatory frameworks relevant to enterprise environments. Provide technical leadership and guidance to engineering teams on secure cloud deployments. Required Experience: 8+ years experience in information security or cloud security architecture. Proven experience designing multi-cloud security architectures (AWS, Azure, and/or GCP). Strong understanding of identity and access management (IAM), encryption, network security, and workload protection. Experience implementing DevSecOps practices and automated security controls. Knowledge of enterprise security frameworks such as NIST, CIS, ISO 27001, and Zero Trust. Experience with cloud security tooling (Prisma Cloud, Wiz, Lacework, Defender, etc.). Strong stakeholder management and ability to influence engineering and leadership teams. Certifications such as CISSP, CCSP, AWS Security Specialty, Azure Security Engineer, or Google Professional Cloud Security Engineer. Experience within large enterprise or regulated environments (finance, manufacturing, automotive, or technology). Familiarity with Kubernetes, containers, and modern cloud-native architectures. What We Offer: Opportunity to work within a globally recognised DAX 40 organisation driving large-scale cloud transformation. Competitive salary package with performance bonus. Flexible hybrid working model in Frankfurt. Access to cutting-edge cloud and security technologies.