[Hiring] IT Security Engineer @Digistore24

Role Description

Do you have IT support experience and enjoy assisting our team with their daily tasks in both German and English? Then this could be your new dream job!

• Protect our systems and cloud environments:
  • You continuously analyze security risks, implement modern security standards, and ensure the protection of our cloud infrastructure and critical business systems.
• Establish clear security policies and processes:
  • You further develop our security policies, standardize security processes, and ensure their adoption across the entire organization.
• Drive security awareness and training initiatives:
  • You strengthen security awareness throughout the company through training sessions, workshops, and proactive communication with all teams.
• Ensure structured incident and risk management:
  • You identify security incidents at an early stage, coordinate their handling, prepare analyses, and continuously improve our incident response procedures.
• Ensure compliance with standards and regulations (PCI, ISO, NIS2):
  • You support the company in meeting external compliance requirements, prepare audits, and guide business units through compliance processes.
• Monitor our core security mechanisms:
  • You analyze security-critical components, support monitoring and audit processes, and ensure transparency regarding security-relevant events.
• Collaborate closely with Product, IT, and Engineering teams:
  • You support other teams in designing secure solutions, reducing risks, simplifying security processes, and contributing to a secure, scalable overall architecture.
• Ensure a secure software development lifecycle:
  • You expand our secure development lifecycle (SSDLC), support teams on security-related topics, and ensure that security reviews are a reliable part of our processes.

Qualifications

• You identify security risks at an early stage and proactively think in terms of solutions.
• You have a strong understanding of how software, infrastructure, and cloud systems interact.
• Assessing the security of systems, services, and processes is your passion.
• Nice-to-have: Experience with compliance standards such as ISO 27001, PCI DSS, or NIS2.
• Nice-to-have: Experience with security testing (e.g., SAST, DAST, vulnerability scans).
• Understanding of secure development and infrastructure processes (SSDLC, Cloud Security, IAM, Risk Management).
• Strong analytical thinking when evaluating security incidents and vulnerabilities.
• Excellent communication skills – able to explain technical risks in a clear and understandable way.
• Basic knowledge of cloud environments (GCP/AWS) and automated workflows (e.g., CI/CD).
• Nice-to-have: Experience with security tools and standards such as SIEM, SSO/MFA, audits, and policies.

Requirements

• This position is NOT for you if:
  • You do not enjoy identifying and minimizing security risks.
  • You struggle with structured analytical work and forward-thinking planning.
  • You are not interested in continuously learning about security topics: IT security is constantly evolving.
  • You do not enjoy working independently on security-critical projects.
  • You tend to avoid conflicts: security sometimes means addressing clear risks openly and directly.
  • You do not feel comfortable working in an international team.
  • You do not identify with our values.

Benefits

• Work in our partner's coworking spaces (max. 3 days a week) or in your home office, as long as you can guarantee uninterrupted internet access.
• Regular further education.
• The stability of an extremely successful German high-tech company that is funded by its successful product and not by investors.
• Outcome focused teams and a culture of direct feedback.
• Modern equipment: MacBook.
• International, collaborative team with strong cohesion.
• Spectacular team events in various European countries.
• Autonomy from day one.
• Work in your team on a first-name basis, without a dress code, and at eye level.
• Flexible working hours from Mondays to Fridays.