SPRIND - Bundesagentur für Sprunginnovationen

Lead Security Engineer (m/f/d)

Job description:

Overview

Location: remote (occasional travel to other locations within Germany)

Working Hours: Full-time

Contract: Initially limited until December 2026 (planned to be transferred to a newly founded government-funded company with permanent contracts)

Start Date: As soon as possible

About us

We are looking for people who want to shape the future of Digital Identity with us. As part of SPRIND, the Federal Agency for Breakthrough Innovations, we operate like a start-up. Our goal: create breakthrough innovations from Germany — products, services and systems that make life noticeably and sustainably better. We connect new thinkers from science and business, people with outstanding ideas, expertise and passion.

In the EUDI Wallet project, carried out on behalf of the Federal Ministry of Digitalization and State Modernization (BMDS), we develop and implement the German EUDI Wallet ecosystem, including the national wallet, in an interdisciplinary, agile and international team. Representatives from civil society, business associations, administration and academia are involved in a public consultation process accompanying the project.

Your role

As a Senior Security Engineer (m/f/d), you will identify, analyze, and mitigate security vulnerabilities across core components of the EUDI Wallet ecosystem, including the German EUDI Wallet, the PID Provider, and the Ecosystem Management Portal. In a fast-paced innovation environment, you will lead security testing strategies, manage penetration testing, and launch our public bug bounty program. You’ll work closely with developers, product managers, architects, and security experts—alongside external partners and the wider security community—to ensure security is both built in and thoroughly tested from concept to production.

Your Responsibilities

  • Design, implement, and manage comprehensive security testing strategies across web, mobile, and backend platforms
  • Conduct internal penetration tests (manual and automated), vulnerability assessments, and red teaming activities
  • Define the scope for and coordinate external penetration tests and research collaborations
  • Establish, launch, and manage a structured public bug bounty program
  • Triage vulnerability reports and ensure timely remediation by the affected teams and ecosystem stakeholders
  • Develop and maintain threat models and security requirements in close coordination with development and product teams
  • Continuously monitor emerging threats and security trends, and actively engage with research experts, the German BSI, and the broader security community to strengthen our overall security posture
  • Communicate risks, findings, and recommendations clearly to both technical and non-technical stakeholders
  • Contribute to a culture of security awareness and best practices across the organization

What we’re looking for

  • A degree in computer science, cybersecurity or a related field (or equivalent non-formal education) with a proven track record in mobile/web app security and distributed systems.
  • 7+ years’ experience in security engineering, penetration testing or related roles in startups, consulting, or high-security industries (e.g. finance, eIDAS, insurance, manufacturing, automotive, aerospace, defense).
  • Expertise in penetration testing, vulnerability management, and bug bounty programs; motivated to establish a government bug bounty program for the EUDI wallet ecosystem.
  • Strong knowledge of security testing tools, secure coding, threat modeling, and secure software development lifecycle (SSDLC).
  • Experience with cloud environments, container/API security, web tech, HSMs, CI/CD, and securing complex multi-stakeholder systems.
  • Analytical mindset, initiative, pragmatic problem-solving, and strong communication skills for interdisciplinary teamwork.

What we offer

  • A key role at a crucial time in one of Germany’s most important digital public infrastructure initiatives
  • A forward-thinking, mission-driven work culture at the intersection of science, administration, and innovation
  • Attractive compensation based on the responsibility of the position
  • Flexible working hours and remote work options
  • Access to conferences, workshops, team events, and a highly supportive and interdisciplinary work culture


Job information

  • Publication date: 11 Dec 2025
  • Location: WorkFromHome
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment: Employed
