
Head of Offensive & Defensive Security (m/f/d)

München, Berlin, Frankfurt am Main
Full-time
Permanent employee

Your mission

About the Role 
As Head of Red & Blue Team Security, you will lead our offensive and defensive security functions and own the development and execution of a comprehensive security assurance strategy. With a strong emphasis on penetration testing and adversarial simulation, you will embed security deeply into our Software Development Lifecycle (SDLC) and ensure that engineering teams consistently apply security-first principles. You will act as the key liaison between product development, compliance, legal, and external partners — translating complex regulatory requirements into practical, scalable security solutions across our platform.

What You'll Do
Red & Blue Team Leadership 
  • Lead, grow, and mentor both the Red Team (offensive) and Blue Team (defensive), fostering a culture of continuous adversarial thinking and security resilience.
  • Drive penetration testing programs — both internal and coordinated with external partners — across infrastructure, applications, and cloud environments.
  • Oversee vulnerability assessments, threat intelligence, and security analyses, and ensure findings translate into actionable remediation plans.
  • Expand and mature the Red & Blue Team capabilities through new tooling, methodologies, and threat simulation frameworks.
Security Engineering & Strategy 
  • Take full ownership of technical and organizational aspects of product security.
  • Develop and implement security standards and processes, including Secure SDLC, Threat Modeling, and security testing integration into CI/CD pipelines.
  • Build and lead a specialized Security Engineering team alongside the Red & Blue functions.
  • Define and implement additional defensive strategies to strengthen the organization's overall security resilience.
 
Stakeholder Collaboration & Governance 
  • Partner closely with Product Development to integrate security requirements early in the development process and negotiate effective remediation timelines for identified vulnerabilities.
  • Work with Information Security, Data Protection, Compliance, and Legal teams to ensure platform-wide regulatory adherence.
  • Communicate and present the security strategy, architecture, and assurance posture to customers, partners, regulators, and auditors.
  • Support the onboarding of new banking partners by ensuring platform security and stability meet required standards.
Organizational Impact 
  • Strengthen the visibility and authority of the security function within the broader organization.
  • Introduce and champion digital security tooling to enhance detection, response, and overall security operations.
  • Continuously raise the security bar across teams through training, awareness, and policy enforcement.

Your profile

What You Bring 
  • Several years of experience in product security or security engineering, ideally within regulated SaaS, fintech, or banking environments.
  • Proven hands-on experience leading Red Team and/or Blue Team operations, including penetration testing, threat hunting, and incident response.
  • Strong technical understanding of modern software architectures — particularly cloud-native environments, containerized systems (e.g., Kubernetes), and CI/CD pipelines.
  • Experience designing and implementing security processes within software development contexts (Secure SDLC, DevSecOps).
  • Familiarity with relevant regulatory frameworks such as ISO 27001, BAIT, DORA, or equivalent.
  • Ability to work in a structured and effective way across departments and with external auditors.
  • Fluent German and strong English skills, both written and spoken.
  • High willingness to travel.

Why us?

International & Inclusive Team: Collaboration with diverse teams at our locations in Munich, Frankfurt, Berlin, and Sofia.
Modern & Dog-friendly Offices: Ergonomic, green, and inspiring for collaboration and productivity.
Flexibility: 30 vacation days, flexible working hours, and hybrid work.
Special Time Off: Additional half-day off on Christmas Eve and New Year's Eve.
Workation: Work remotely for a limited period each year from selected destinations.
Wellbeing & Mobility Benefits: Support for well-being and sustainable lifestyle:
  • Urban Sports/EGYM Club subsidy: Monthly support for your membership.
  • Jobticket: 50% monthly subsidy for the Deutschlandticket.
  • JobRad: Leasing of bicycles or e-bikes at attractive conditions.
Candidates must have the right to work in the EU; visa sponsorship is not provided for this role. 

About us

neoshare AG, founded in Munich in 2019, has quickly grown into an international fintech company and today operates offices in Munich, Berlin, Frankfurt, and Sofia, Bulgaria. As an "AI-First Company", it offers an innovative end-to-end solution for the efficient digitalization and management of large-volume project and real estate financing through its SaaS platform "neoshare". The product is continuously developed in close collaboration with banks and real estate companies in order to sustainably transform the financial sector.