Senior Information Security Specialist
PAIR Finance
full-time
Posted on:
Location Type: Hybrid
Location: Berlin • Germany
Visit company websiteExplore more
Job Level
About the role
- Evaluate and strengthen internal security controls and processes, driving continuous improvement of our Information Security Management System and related policies
- Participate in internal and external audits (e.g. ISO 270xx)
- Develop and enhance threat models for PAIR Finance resources and services, conducting security risk assessments and defining targeted mitigation strategies based on threat models
- Investigate end-to-end information-security incidents and prepare comprehensive reports for management and regulators
- Monitor threat intelligence, hacking techniques, and CVEs affecting our AWS and M365 environments
- Collaborate with DevOps and Product teams to integrate security throughout the Software Development Lifecycle
- Assess both in-house and third-party AI systems for security, compliance, and data protection requirements
- Implement AI security frameworks such as NIST AI RMF and OWASP ML/AI Security
- Utilize Wiz and similar platforms to identify, prioritize, and remediate cloud security risks (CSPM/CIEM)
- Execute vulnerability scans, analyze DAST results, and support penetration testing activities
Requirements
- Strong communication skills in English (B2+) and German (minimum B1, B2 preferred)
- Academic degree in Information Security, Cybersecurity, or a related field
- 3+ years of hands-on experience securing cloud infrastructure (AWS, Azure, GCP); AWS expertise is highly desirable (SecurityHub, IAM, WAF, GuardDuty)
- Solid knowledge of security frameworks such as ISO 270xx, BSI Grundschutz, NIST, SOC2
- Practical experience with cloud security platforms and CSPM/CIEM (Wiz experience is a significant advantage)
- Ability to write and maintain clear technical documentation
- Technical expertise to evaluate the severity and applicability of vulnerabilities and the quality of fixes in a cloud environment
- Proven track record with vulnerability management, DAST tools, and penetration testing methodologies (OWASP, PTES)
- Forward-thinking mindset with knowledge of emerging AI security threats (prompt injection, model misuse, data poisoning)
- Relevant certifications (nice-to-have): CISSP, CISM, CISA, ISO 27001 Lead Implementer / Lead Auditor, AWS Security Specialty, BSI Grundschutz Practitioner, AI-related certifications (e.g. Certified AI Security Specialist)
Benefits
- Thriving, financially stable company
- Strong, experienced international team to support and mentor you, with a smooth onboarding process
- International team of 30+ nationalities with professionals and experts
- Flat hierarchy, transparent and appreciative feedback culture, monthly all-hands meetings, annual feedback and evaluation cycle, regular 1:1s with your lead
- Well-structured onboarding process and supportive, welcoming colleagues
- Personal learning & development budget, plus German and English language courses
- Competitive salary reflecting strong performance
- Permanent contract, flexible working hours, and 28 vacation days to support your work–life balance
- Company pension plan, partially subsidized Deutschlandticket (public transport), and access to the “Corporate Benefits” voucher platform to support your well-being
- Fun company summer and Christmas parties, plus regular team events
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security managementsecurity risk assessmentsvulnerability managementpenetration testingcloud securitythreat modelingsecurity frameworksDAST toolsAI security frameworkssecurity incident investigation
Soft Skills
communication skillscollaborationtechnical documentationproblem-solvingforward-thinking mindset
Certifications
CISSPCISMCISAISO 27001 Lead ImplementerISO 27001 Lead AuditorAWS Security SpecialtyBSI Grundschutz PractitionerCertified AI Security Specialist