Home › Companies › Neoshare › Head of Offensive & Defensive Security (m/w/d)
Head of Offensive & Defensive Security (m/w/d)
Neoshare · München · Hybrid · Active · Personio
Job facts
| Field | Value |
|---|---|
| Company | Neoshare |
| Title | Head of Offensive & Defensive Security (m/w/d) |
| Normalized title | - |
| Department / team | Platform Security & Assurance / full time employee |
| Location | München |
| Work model | Hybrid / Hybrid |
| Employment type | Full Time |
| Salary | - |
| Status | active |
| ATS provider | Personio |
| Posted / first seen | 2026-03-09 / 2026-05-30 |
| Changed / last seen | 2026-06-02 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Neoshare. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Personio. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| Department jobs | Active postings in Platform Security & Assurance. | Open |
| Work model jobs | Active Hybrid postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Neoshare |
| Source | 7cc7b5e7-b985-40c9-a866-72593e317cf6 |
| ATS provider | Personio |
Description
Your mission
About the Role
As Head of Red & Blue Team Security, you will lead our offensive and defensive security functions and own the development and execution of a comprehensive security assurance strategy. With a strong emphasis on penetration testing and adversarial simulation, you will embed security deeply into our Software Development Lifecycle (SDLC) and ensure that engineering teams consistently apply security-first principles. You will act as the key liaison between product development, compliance, legal, and external partners — translating complex regulatory requirements into practical, scalable security solutions across our platform.
What You'll Do
Red & Blue Team Leadership
Lead, grow, and mentor both the Red Team (offensive) and Blue Team (defensive), fostering a culture of continuous adversarial thinking and security resilience. Drive penetration testing programs — both internal and coordinated with external partners — across infrastructure, applications, and cloud environments. Oversee vulnerability assessments, threat intelligence, and security analyses, and ensure findings translate into actionable remediation plans. Expand and mature the Red & Blue Team capabilities through new tooling, methodologies, and threat simulation frameworks Security Engineering & Strategy
Take full ownership of technical and organizational aspects of product security. Develop and implement security standards and processes, including Secure SDLC, Threat Modeling, and security testing integration into CI/CD pipelines. Build and lead a specialized Security Engineering team alongside the Red & Blue functions. Define and implement additional defensive strategies to strengthen the organization's overall security resilience.
Stakeholder Collaboration & Governance
Partner closely with Product Development to integrate security requirements early in the development process and negotiate effective remediation timelines for identified vulnerabilities. Work with Information Security, Data Protection, Compliance, and Legal teams to ensure platform-wide regulatory adherence. Communicate and present the security strategy, architecture, and assurance posture to customers, partners, regulators, and auditors. Support the onboarding of new banking partners by ensuring platform security and stability meet required standards. Organizational Impact
Strengthen the visibility and authority of the security function within the broader organization. Introduce and champion digital security tooling to enhance detection, response, and overall security operations. Continuously raise the security bar across teams through training, awareness, and policy enforcement.
Your profile
What You Bring
Several years of experience in product security or security engineering, ideally within regulated SaaS, fintech, or banking environments. Proven hands-on experience leading Red Team and/or Blue Team operations, including penetration testing, threat hunting, and incident response. Strong technical understanding of modern software architectures — particularly cloud-native environments, containerized systems (e.g., Kubernetes), and CI/CD pipelines. Experience designing and implementing security processes within software development contexts (Secure SDLC, DevSecOps ). Familiarity with relevant regulatory frameworks such as ISO 27001, BAIT, DORA, or equivalent. Ability to work in a structured and effective way across departments and with external auditors. Strong English skills, both written and spoken. High willingness to travel .
Why us?
International & Inclusive Team: Collaboration with diverse teams at our locations in Munich, Frankfurt, Berlin, and Sofia. Modern & Dog-friendly Offices: Ergonomic, green, and inspiring for collaboration and productivity. Flexibility: 30 vacation days, flexible working hours, and hybrid work. Special Time Off: Additional half-day off on Christmas Eve and New Year's Eve. Workation: Work remotely for a limited period each year from selected destinations. Wellbeing & Mobility Benefits: Support for well-being and sustainable lifestyle: Urban Sports/EGYM Club subsidy: Monthly support for your membership. Jobticket: 50% monthly subsidy for the Deutschlandticket. JobRad: Leasing of bicycles or e-bikes at attractive conditions. Candidates must have the right to work in the EU; visa sponsorship is not provided for this role.
Full job record
| Job ID | eb79f63549954250896d1be2cf48ed081b01dd71 |
| Org ID | f63418f2-3a58-40e9-8009-dd3aebc81329 |
| Source ID | 7cc7b5e7-b985-40c9-a866-72593e317cf6 |
| Board ID | 7cc7b5e7-b985-40c9-a866-72593e317cf6 |
| Provider | personio |
| Provider Job Key | 2557402 |
| Title | Head of Offensive & Defensive Security (m/w/d) |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | München |
| Department | Platform Security & Assurance |
| Team | full time employee |
| Employment Type | full_time |
| Workplace Type | hybrid |
| Remote Policy | hybrid |
| Country | München |
| Region | — |
| City | — |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://neoshare.jobs.personio.de/job/2557402?language=en |
| Apply URL | https://neoshare.jobs.personio.de/job/2557402?language=en |
| First Seen At | 2026-05-30 05:53:50Z |
| Last Seen At | 2026-06-06 07:58:20Z |
| Last Checked At | 2026-06-06 07:58:20Z |
| Last Changed At | 2026-06-02 11:44:47Z |
| Inactive At | — |
| Source Posted At | 2026-03-09 11:27:58Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=personio/board=neoshare.de/date=2026-06-06/2026-06-06T07-58-19-849Z-c05ab60dbb265383abe129672647142f2791bffb4155b725209cf5a2e5eee2ba.json |
Event Fields
{
"content_hash": "a0f9a72e4291ac5d7111f0c5ae7cf17a703a4d06fc71f0585ffdae587818828a",
"source_hash": "37cc256c1fabdb688d3ca115530f79a7eda5228694609dedd96f8cec0d3474cb",
"last_changed_at": "2026-06-02T11:44:47.303Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "München",
"city": null,
"region": null,
"country": "München",
"is_remote": false,
"confidence": 0.8
},
"salary_max": null,
"salary_min": null,
"inferred_at": "2026-06-06T07:58:20.702Z",
"launch_scope": {
"reason": "personio_production_catalog",
"included": true,
"location": {
"raw": "München",
"city": null,
"region": null,
"country": "München",
"is_remote": false,
"confidence": 0.8
},
"countries": [
"München"
]
},
"remote_policy": "hybrid",
"salary_period": null,
"workplace_type": "hybrid",
"salary_currency": null
}Extensions
{}Native Structured
{
"id": "2557402",
"name": "Head of Offensive & Defensive Security (m/w/d)",
"office": "München",
"keywords": [],
"schedule": "full-time",
"createdAt": "2026-03-09T11:27:58+00:00",
"seniority": "experienced",
"department": "Platform Security & Assurance",
"occupation": "software_and_system_architecture",
"subcompany": "neoshare AG",
"employmentType": "permanent",
"jobDescriptions": [
{
"name": "Your mission",
"value": "About the Role <br>As Head of Red & Blue Team Security, you will lead our offensive and defensive security functions and own the development and execution of a comprehensive security assurance strategy. With a strong emphasis on penetration testing and adversarial simulation, you will embed security deeply into our Software Development Lifecycle (SDLC) and ensure that engineering teams consistently apply security-first principles. You will act as the key liaison between product development, compliance, legal, and external partners — translating complex regulatory requirements into practical, scalable security solutions across our platform.<br><br>What You'll Do<br>Red & Blue Team Leadership <br><ul><li><span><span>Lead, grow, and mentor both the Red Team (offensive) and Blue Team (defensive), fostering a culture of continuous adversarial thinking and security resilience.</span></span></li><li><span><span>Drive penetration testing programs — both internal and coordinated with external partners — across infrastructure, applications, and cloud environments.</span></span></li><li><span><span>Oversee vulnerability assessments, threat intelligence, and security analyses, and ensure findings translate into actionable remediation plans.</span></span></li><li><span><span>Expand and mature the Red & Blue Team capabilities through new tooling, methodologies, and threat simulation frameworks </span></span></li></ul>Security Engineering & Strategy <br><ul><li><span><span>Take full ownership of technical and organizational aspects of product security.</span></span></li><li><span><span>Develop and implement security standards and processes, including Secure SDLC, Threat Modeling, and security testing integration into CI/CD pipelines.</span></span></li><li><span><span>Build and lead a specialized Security Engineering team alongside the Red & Blue functions.</span></span></li><li><span><span>Define and implement </span><span>additional </span><span>defensive strategies to strengthen the organization's overall security resilience.</span></span></li></ul> <br>Stakeholder Collaboration & Governance <br><ul><li><span><span>Partner closely with Product Development to integrate security requirements early in the development process and negotiate effective remediation timelines for </span><span>identified </span><span>vulnerabilities.</span></span></li><li><span><span>Work with Information Security, Data Protection, Compliance, and Legal teams to ensure platform-wide regulatory adherence.</span></span></li><li><span><span>Communicate and present the security strategy, architecture, and</span><span>assurance</span><span>posture to customers, partners, regulators, and auditors.</span></span></li><li><span><span>Support the onboarding of new banking partners by ensuring platform security and stability meet required standards.</span></span></li></ul>Organizational Impact <br><ul><li><span><span>Strengthen the visibility and authority of the security function within the broader organization.</span></span></li><li><span><span>Introduce and champion digital security tooling to enhance detection, response, and overall security operations.</span></span></li><li><span><span>Continuously raise the security bar across teams through training, awareness, and policy enforcement.</span></span></li></ul>"
},
{
"name": "Your profile",
"value": "What You Bring <br><ul><li><span><span>Several years of experience in product security or security engineering, ideally within regulated SaaS, fintech, or banking environments.</span></span></li><li><span><span>Proven hands-on experience leading Red Team and/or Blue Team operations, including penetration testing, threat hunting, and incident response.</span></span></li><li><span><span>Strong technical understanding of modern software architectures — particularly cloud-native environments, containerized systems (e.g., Kubernetes), and CI/CD pipelines.</span></span></li><li><span><span>Experience designing and implementing security processes within software development contexts (Secure SDLC,</span><span>DevSecOps</span><span>).</span></span></li><li><span><span>Familiarity with relevant regulatory frameworks such as ISO 27001, BAIT, DORA, or equivalent.</span></span></li><li><span><span>Ability to work in a structured and effective way across departments and with external auditors.</span></span></li><li><span><span>Strong English skills, both written and spoken.</span></span></li><li><span><span>High willingness to travel</span><span>.</span></span></li></ul>"
},
{
"name": "Why us?",
"value": "<strong style=\"border:0px solid;margin:0px;\">International & Inclusive Team:</strong><span> </span>Collaboration with diverse teams at our locations in Munich, Frankfurt, Berlin, and Sofia.<br style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">Modern & Dog-friendly Offices:</strong><span> </span>Ergonomic, green, and inspiring for collaboration and productivity.<br style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">Flexibility:</strong><span> </span>30 vacation days, flexible working hours, and hybrid work.<br style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">Special Time Off:</strong><span> </span>Additional half-day off on Christmas Eve and New Year's Eve.<br style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">Workation:</strong><span> </span>Work remotely for a limited period each year from selected destinations.<br style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">Wellbeing & Mobility Benefits:</strong><span> </span>Support for well-being and sustainable lifestyle:<ul style=\"border:0px solid;\"><li style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">Urban Sports/EGYM Club subsidy:</strong><span> </span>Monthly support for your membership.</li><li style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">Jobticket:</strong><span> </span>50% monthly subsidy for the Deutschlandticket.</li><li style=\"border:0px solid;margin:0px;\"><strong style=\"border:0px solid;margin:0px;\">JobRad:</strong><span> </span>Leasing of bicycles or e-bikes at attractive conditions.</li></ul><span style=\"border:0px solid;margin:0px;\"><em style=\"border:0px solid;margin:0px;\">Candidates must have the right to work in the EU; visa sponsorship is not provided for this role. </em></span>"
}
],
"occupationCategory": "it_software",
"recruitingCategory": "full time employee"
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/eb79f63549954250896d1be2cf48ed081b01dd71?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/f63418f2-3a58-40e9-8009-dd3aebc81329JSONGET https://api.bluedoor.sh/job-postings/v1/sources/7cc7b5e7-b985-40c9-a866-72593e317cf6JSONGET https://api.bluedoor.sh/job-postings/v1/jobs/eb79f63549954250896d1be2cf48ed081b01dd71/eventsJSON