What we achieve together

• You will align and drive application security across Group IT–managed and internally developed applications, collaborating closely with interdisciplinary development teams to ensure a secure end‑to‑end lifecycle
• Your responsibilities will include managing regulatory compliance activities for NIS2, the Cyber Resilience Act and ISO/IEC 27001, enabling our organisation to meet high standards of cyber resilience with confidence
• By creating technical concepts and solution designs, you establish robust Application Security Architecture practices, including Secure Software Development Lifecycle, Static and Dynamic Application Security Testing and Software Composition Analysis
• After analysing and evaluating business requirements, you take decisions and conduct security assessments with a special focus on Identity and Access Management, ensuring secure Role‑Based Access Control, Multi‑Factor Authentication, Identity Federation and Privileged Access Management
• Together with Group IT teams, you define and implement API and service security standards, leveraging OAuth 2.0, OpenID Connect, JSON Web Tokens and Mutual Transport Layer Security to protect critical interfaces
• Your responsibilities will include contributing to vulnerability and patch management processes, threat modelling (STRIDE) and risk assessments (MITRE ATT&CK), shaping an environment that continuously evolves to counter emerging risks

What makes us successful together

• Qualification: You have a degree in business administration, computer science, or a comparable qualification
• Experience: You bring practical experience in Application Security Architecture (Secure SDLC, SAST, DAST, SCA), Identity and Access Management and regulatory compliance (NIS2, CRA, ISO/IEC 27001 Annex A), enabling you to contribute effectively from day one
• Know-how and skills: You demonstrate strong know how in API and service security (OAuth2, OpenID Connect, JWT, mTLS) and apply secure by design principles when guiding teams and shaping technical solutions
• Nice to have: You ideally bring additional knowledge in threat modelling (STRIDE), MITRE ATT&CK, secure CI/CD integration (pipeline hardening, automated code scanning) or vulnerability and patch management processes
• Personality: You are characterized by analytical thinking, a collaborative and structured work style and the ability to explain complex topics in an empowering and approachable way
  Language skills: You speak fluent English and feel comfortable in an international environment; German language skills are an advantage.

What you can count on

• Hybrid Work: We offer our employees the opportunity to work on a hybrid basis. There is also the option to temporarily work from a country within the European Union
• Salary: We offer an attractive remuneration package in accordance with the NRW IG Metall collective wage agreement, including vacation pay and Christmas bonus.
• Onboarding: Our clearly structured onboarding process, including an Onboarding App, enables us to integrate new employees into Vaillant Group quickly and in a targeted manner
• Health management: We offer comprehensive preventive health counseling & measures
• Individual development: Our development programs "GROW, EVOLVE, LEAD and EXCEL" prepare you for the next step in your career