Head of Offensive & Defensive Security

Your mission About the Role
As Head of Red & Blue Team Security, you will lead our offensive and defensive security functions and own the development and execution of a comprehensive security assurance strategy. With a strong emphasis on penetration testing and adversarial simulation, you will embed security deeply into our Software Development Lifecycle (SDLC) and ensure that engineering teams consistently apply security-first principles. You will act as the key liaison between product development, compliance, legal, and external partners — translating complex regulatory requirements into practical, scalable security solutions across our platform.

What You'll Do
Red & Blue Team Leadership

• Lead, grow, and mentor both the Red Team (offensive) and Blue Team (defensive), fostering a culture of continuous adversarial thinking and security resilience.
• Drive penetration testing programs — both internal and coordinated with external partners — across infrastructure, applications, and cloud environments.
• Oversee vulnerability assessments, threat intelligence, and security analyses, and ensure findings translate into actionable remediation plans.
• Expand and mature the Red & Blue Team capabilities through new tooling, methodologies, and threat simulation frameworks

Security Engineering & Strategy

• Take full ownership of technical and organizational aspects of product security.
• Develop and implement security standards and processes, including Secure SDLC, Threat Modeling, and security testing integration into CI/CD pipelines.
• Build and lead a specialized Security Engineering team alongside the Red & Blue functions.
• Define and implement additional defensive strategies to strengthen the organization's overall security resilience.

Stakeholder Collaboration & Governance

• Partner closely with Product Development to integrate security requirements early in the development process and negotiate effective remediation timelines for identified vulnerabilities.
• Work with Information Security, Data Protection, Compliance, and Legal teams to ensure platform-wide regulatory adherence.
• Communicate and present the security strategy, architecture, andassuranceposture to customers, partners, regulators, and auditors.
• Support the onboarding of new banking partners by ensuring platform security and stability meet required standards.

Organizational Impact

• Strengthen the visibility and authority of the security function within the broader organization.
• Introduce and champion digital security tooling to enhance detection, response, and overall security operations.
• Continuously raise the security bar across teams through training, awareness, and policy enforcement.

Your profile What You Bring

• Several years of experience in product security or security engineering, ideally within regulated SaaS, fintech, or banking environments.
• Proven hands-on experience leading Red Team and/or Blue Team operations, including penetration testing, threat hunting, and incident response.
• Strong technical understanding of modern software architectures — particularly cloud-native environments, containerized systems (e.g., Kubernetes), and CI/CD pipelines.
• Experience designing and implementing security processes within software development contexts (Secure SDLC,DevSecOps).
• Familiarity with relevant regulatory frameworks such as ISO 27001, BAIT, DORA, or equivalent.
• Ability to work in a structured and effective way across departments and with external auditors.
• Fluent German and strong English skills, both written and spoken.
• High willingness to travel.

Why us? International & Inclusive Team: Collaboration with diverse teams at our locations in Munich, Frankfurt, Berlin, and Sofia.
Modern & Dog-friendly Offices: Ergonomic, green, and inspiring for collaboration and productivity.
Flexibility: 30 vacation days, flexible working hours, and hybrid work.
Special Time Off: Additional half-day off on Christmas Eve and New Year's Eve.
Workation: Work remotely for a limited period each year from selected destinations.
Wellbeing & Mobility Benefits: Support for well-being and sustainable lifestyle:

• Urban Sports/EGYM Club subsidy: Monthly support for your membership.
• Jobticket: 50% monthly subsidy for the Deutschlandticket.
• JobRad: Leasing of bicycles or e-bikes at attractive conditions.

Candidates must have the right to work in the EU; visa sponsorship is not provided for this role. About us neoshare AG, founded in 2019 in Munich, has quickly evolved into an international fintech company and now operates locations in Munich, Düsseldorf, Frankfurt and Sofia, Bulgaria. As an “AI-First Company,” it offers an innovative end-to-end solution with its SaaS platform "neoshare" for the efficient digitization and management of large-scale project and real estate financing. In close collaboration with banks and real estate companies, the product is continuously developed to sustainably transform the financial sector.