IT Security Consulting / DevSecOps (m/f/d)

We are seeking qualified IT security management specialists to support public authorities and institutions in creating, maintaining, and further developing IT security concepts based on the BSI IT Baseline Protection standard. A particular focus is on the standardization of security processes, the use of ISMS tools (especially Fuentis), and targeted consulting in the area of ​​DevSecOps for the integrated embedding of security requirements into development and operational processes. Responsibilities: Creation, further development, and implementation of IT security concepts according to BSI standards (200-1 to 200-4); modeling and documentation of information systems; conducting risk analyses, protection requirement assessments, and security evaluations; planning and implementation of technical and organizational security measures; preparation and execution of awareness training on information security (including live hacking demonstrations); design and delivery of training courses (e.g., for information security officers); creation of guidelines, sample service instructions, and framework documents; use and configuration of ISMS tools (e.g., Fuentis ISMS; other BSI-compliant tools); consulting and support for the integration of security processes in line with DevSecOps principles; updating existing IT security concepts and verifying their compliance with standards; participation in audits according to ISO 27001 based on IT baseline protection. Requirements: Mandatory qualifications: BSI certification Audit Team Leader for ISO 27001 based on IT Baseline Protection Extensive practical experience with BSI Standards 200-1 to 200-4 Demonstrated experience in modeling at least three information systems Experience in conducting nationwide awareness and training measures on information security Experience in creating nationwide security guidelines and service instructions Proven use of ISMS tools, especially Fuentis ISMS Project management experience in the public sector B-Criteria: Experience with information systems of multiple organizational units Experience in updating existing security concepts (e.g., guidelines, encryption concepts) Experience with integrating security measures into CI/CD pipelines Knowledge of modern DevOps/DevSecOps methods Practical knowledge of secure software development (secure coding, threat modeling, security testing) Experience with common automation and configuration tools We look forward to receiving your application!