Security Lead (m/f/d)
Application Security & Information Security Management
About AceBIT
AceBIT GmbH is an internationally active software company based in Darmstadt (founded in 1998). Our main product, Password Depot, runs on Windows, macOS, iOS, Android and the web – complemented by Password Depot Enterprise Server for enterprise customers. Our products enjoy an excellent reputation and are used worldwide by enterprises, SMEs and private users.
Your role at a glance
Security is a core product characteristic for us. You embed security throughout the entire development process and represent it internally and externally – pragmatically and with a focus on impact.
Your responsibilities
Security in the development process
- Threat modeling, deriving security requirements, and defining guidelines for code reviews.
- Training for developers.
- Security reviews during and after development (static and dynamic).
- Reviewing libraries/components and maintaining a software bill of materials (SBOM).
- End-to-end vulnerability management: from reporting and remediation through to disclosure.
Product security architecture
- Selecting and implementing cryptographic methods.
- Secure handling of secrets (e.g. keys, passwords) and key management.
- Creating and maintaining hardening guides.
- Coordinating external security tests and tracking findings through to verification.
Preparation for security incidents
- Incident response plans, exercises, and structured communication with customers and the public.
- Responsible disclosure of vulnerabilities (disclosure process/VDP).
Privacy by design
- Collaboration with legal/data protection; support with tenders and security questionnaires.
Information security management (practical and hands-on)
- Building or further developing a lean ISMS (e.g. aligned with ISO/IEC 27001 or with SOC 2 audits in mind) – without bureaucracy for bureaucracy’s sake.
Framework & resources
- Resources: Budget for security tooling, external penetration tests, and, if needed, ISO consulting.
- Reporting line: direct reporting line to executive management; close collaboration with development and support.
Your profile (must-have)
- Several years of experience in application security or security engineering (desktop, mobile, or server).
- Hands-on experience with Secure SDLC measures, common security reviews, and automation.
- Strong knowledge of authentication and authorization, as well as secure platform key stores (Windows, macOS, Android, iOS).
- Risk-based prioritization and clear, audience-appropriate communication internally and with enterprise customers.
- Very good written and spoken German and English.
Nice to have
- Experience with ISO/IEC 27001 and SOC 2, as well as coordinated vulnerability disclosure.
- Experience with CI/CD processes.
- Experience maintaining software bills of materials.
What AceBIT offers you
- A high degree of creative freedom and personal responsibility with direct impact.
- Short decision-making paths and a friendly, appreciative atmosphere in a small team.
- Modern workspaces with height-adjustable desks, ergonomic chairs, and state-of-the-art hardware, plus a quiet room, billiards room, and kitchen with dining area.
- Central location in downtown Darmstadt – right by Herrngarten – with excellent transport links.
- Flexible working hours (core hours 10:00 a.m.–4:00 p.m.).
- 30 days of vacation.
- Above-average salary, depending on experience and level of responsibility.
Interested?
Please send your complete application documents, including your salary expectations and availability, exclusively by e-mail to georgia.tsaousidis@acebit.com. We look forward to receiving your application!