Back to search
neoshare AG Linkedin · Posted 12d ago

Head of Offensive & Defensive Security (f/m/x)

Sofia City

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Location: Sofia, willingness to travel required


About the Role

As Head of Red & Blue Team Security, you will lead our offensive and defensive security functions and own the development and execution of a comprehensive security assurance strategy. With a strong emphasis on penetration testing and adversarial simulation, you will embed security deeply into our Software Development Lifecycle (SDLC) and ensure that engineering teams consistently apply security-first principles. You will act as the key liaison between product development, compliance, legal, and external partners — translating complex regulatory requirements into practical, scalable security solutions across our platform.


What You'll Do

Red & Blue Team Leadership

  • Lead, grow, and mentor both the Red Team (offensive) and Blue Team (defensive), fostering a culture of continuous adversarial thinking and security resilience.
  • Drive penetration testing programs — both internal and coordinated with external partners — across infrastructure, applications, and cloud environments.
  • Oversee vulnerability assessments, threat intelligence, and security analyses, and ensure findings translate into actionable remediation plans.
  • Expand and mature the Red & Blue Team capabilities through new tooling, methodologies, and threat simulation frameworks


Security Engineering & Strategy

  • Take full ownership of technical and organizational aspects of product security.
  • Develop and implement security standards and processes, including Secure SDLC, Threat Modeling, and security testing integration into CI/CD pipelines.
  • Build and lead a specialized Security Engineering team alongside the Red & Blue functions.
  • Define and implement additional defensive strategies to strengthen the organization's overall security resilience.


Stakeholder Collaboration & Governance

  • Partner closely with Product Development to integrate security requirements early in the development process and negotiate effective remediation timelines for identified vulnerabilities.
  • Work with Information Security, Data Protection, Compliance, and Legal teams to ensure platform-wide regulatory adherence.
  • Communicate and present the security strategy, architecture, and assurance posture to customers, partners, regulators, and auditors.
  • Support the onboarding of new banking partners by ensuring platform security and stability meet required standards.


Organizational Impact

  • Strengthen the visibility and authority of the security function within the broader organization.
  • Introduce and champion digital security tooling to enhance detection, response, and overall security operations.
  • Continuously raise the security bar across teams through training, awareness, and policy enforcement.


What You Bring

  • Several years of experience in product security or security engineering, ideally within regulated SaaS, fintech, or banking environments.
  • Proven hands-on experience leading Red Team and/or Blue Team operations, including penetration testing, threat hunting, and incident response.
  • Strong technical understanding of modern software architectures — particularly cloud-native environments, containerized systems (e.g., Kubernetes), and CI/CD pipelines.
  • Experience designing and implementing security processes within software development contexts (Secure SDLC, DevSecOps).
  • Familiarity with relevant regulatory frameworks such as ISO 27001, BAIT, DORA, or equivalent.
  • Ability to work in a structured and effective way across departments and with external auditors.
  • Strong English skills, both written and spoken.
  • High willingness to travel.


Why us?

International & Inclusive Team: Collaboration with diverse teams at our locations in Munich, Frankfurt, Berlin, and Sofia.

Modern & Dog-friendly Offices: Ergonomic, green, and inspiring for collaboration and productivity.

Flexibility: 30 vacation days, flexible working hours, and hybrid work.

Special Time Off: Additional half-day off on Christmas Eve and New Year's Eve.

Workation: Work remotely for a limited period each year from selected destinations.

Wellbeing & Mobility Benefits: Support for well-being and sustainable lifestyle:

  • Urban Sports/EGYM Club subsidy: Monthly support for your membership.
  • Jobticket: 50% monthly subsidy for the Deutschlandticket.
  • JobRad: Leasing of bicycles or e-bikes at attractive conditions.


Candidates must have the right to work in the EU; visa sponsorship is not provided for this role.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent