Senior Specialist Security Consultant (m/w/d)

DATEV eG is seeking a Senior Specialist Security Consultant (m/w/d) in Nürnberg.

Summary

• Work Hours: Full-time
• Type: Permanent position

Desired Skills & Knowledge

• PaaS
• Kubernetes
• Payroll
• Cloud
• Computer Science
• Security
• DATEV
• Security
• Compliance
• Digitalization
• Mobile App
• WorkStream
• Continuous Integration
• Management
• Engineering
• Assertiveness
• Openness
• Responsible work ethic
• Communication skills
• Acceptance
• Self-motivation
• Structured work ethic

Our Benefits

• Training opportunities
• Flexible working hours
• Home office

Job Description

• Opportunity to work from "home office" in the sense of mobile, location-independent work within Germany, including the associated technical equipment.
• Flexible working hours, including the option for time off in lieu for good work-life balance.
• Large selection of technical and personal development opportunities, both during and outside of working hours, as well as numerous internal communities for networking and mutual learning.
• And much more...

About Us: DATEV is more than just a green rectangle. We are one of the largest software and IT service providers in Europe, headquartered in Nuremberg. More than 9,000 employees are dedicated to driving the digitalization of our over 800,000 customers' business processes. They rely on our PC and cloud solutions as well as mobile apps, using them to process approximately 14 million payrolls each month, for example. We are a strong and open community where people not only arrive quickly but also like to stay. Our culture of security and openness, combined with a technologically advanced work environment, ensures this. Diversity, Equity, and Inclusion are essential for us to ensure everyone can participate equally in working life. DATEV is committed to this every day. The best future is created in a strong community. #WirsindDATEV!

Your Responsibilities

As an experienced Security Consultant (m/f/d), you will ensure that the security requirements and guidelines of our company in the Human Resource Management business area are consistently implemented and adhered to. In close cooperation with the involved teams, you will work with a high degree of personal responsibility and strong self-organization within the entire scope of the workstream.

• You will impart knowledge and advise colleagues in the development of cloud-native applications, focusing on security architectures, standards, and the implementation of security requirements in software architectures.
• You will evaluate and prioritize vulnerabilities identified by security tools (e.g., Fortify, Mend), accompany penetration tests, and conduct threat and risk analyses.
• You will familiarize yourself with current security requirements and governance guidelines and ensure their consistent implementation.
• You will actively drive security needs in the Human Resource Management business area, initiate measures, and network across interfaces and workstreams.
• You will establish Security SLOs as measurable metrics in the workstream and create transparency for product teams, especially regarding the timely remediation of vulnerabilities.
• You will holistically analyze and further develop the development process from a security perspective, along the entire Secure Software Development Lifecycle (SDLC).
• You will build in-depth, practical knowledge with a focus on security in PaaS environments (Cloud Foundry), CaaS platforms (Kubernetes), and Infrastructure as Code (IaC).
• You will acquire domain knowledge in Human Resource Management expertise, particularly payroll, to classify security risks accurately (e.g., protection needs, data flows, compliance requirements).

Your Profile

• Successfully completed studies (e.g., Computer Science/IT Security) or a comparable qualification with many years of relevant professional experience.
• Several years of experience in Application Security / DevSecOps / Secure SDLC – you have implemented security processes, not just documented them.
• Demonstrable experience in CI/CD security and the integration of automated security checks/quality gates.
• Experience with SAST and SCA (tooling, finding triage, remediation support).
• Very good understanding of web services/APIs and typical vulnerability/attack models in distributed systems.
• Ability to evaluate vulnerabilities based on risk, prioritize them clearly, and consistently track their implementation.
• Very good communication skills: You can explain complex topics to the target audience (Engineering, Management) and facilitate decision-making.
• You are a doer: You proactively drive topics, bring structure to complex or unclear issues, and deliver results.
• You are assertive without being overbearing: You gain acceptance and create alignment across teams and departments.
• You think strategically but can also get hands-on with tools/findings when necessary.

Qualifications

Technical Skills

• APIs, CaaS, Cloud Computing, Cloud Foundry, Compliance, Continuous Integration, DevSecOps, Distributed Computing, Fortify, Governance, Computer Science, Information Security, Infrastructure as Code (IaC), Engineering, Kubernetes, Metrics, PaaS, Penetration Testing, Human Resources, Risk Analysis, Security Requirements, Software Architecture, Software Development, Static Application Security Testing, System Development Lifecycle, Triage, Compensation Management, Vulnerability, Web Services

Personal Skills

• Self-motivation, Decision-making ability, Communication

Education

• Bachelor's degree

Work Experience

• With work experience

Application

• Apply now

Industry:

ICT

Employer:

DATEV eG

Address:

DATEV eG Paumgartnerstr 6 14 90429 Nürnberg

Web:

http://datev.de

Benefits: Training opportunities, Flexible working hours, Home office Remote Model: Hybrid Country Code: de