Homeoffice Ethical Hacker (Application Security) bei Drees & Sommer SE

Creating a future worth living for future generations gets us out of bed every morning. Depending on the project, we are consultants, implementers, or both for sustainable, innovative and economical solutions for real estate, industry, energy and infrastructure. Our more than 6,500 employees at 70 locations worldwide support our customers in interdisciplinary teams. Our thinking is both visionary and realistic. We work independently and as part of a team. With passion and the latest technologies. We unite. Join us at Dreso and let’s create a world we want to live in.

We are looking for a highly skilled and motivated Ethical Hacker (Application Security) to strengthen our Cybersecurity Operations team. In this role, you will help secure the digital backbone of our organization by identifying vulnerabilities, simulating real-world attacks, and ensuring our applications are resilient against evolving threats. You’ll work closely with developers, architects, and IT teams to embed security into every stage of the development lifecycle.

Your Responsibilities:

• Conduct penetration tests and security assessments on web, mobile, and cloud-based applications.
• Integrate SAST, DAST, SCA and secrets-scanning tools into build pipelines; enforce security gate policies and champion secure coding standards with development teams.
• Perform code reviews and threat modeling in collaboration with development teams.
• Develop and maintain secure coding guidelines and best practices.
• Support incident response teams with forensic analysis and root cause investigations.
• Stay current with the latest vulnerabilities, attack vectors, and mitigation techniques.
• Contribute to security awareness and training initiatives across the organization.
• Plan and execute quarterly red-team simulations. Translate findings into new detections, control enhancements, or developer training.
• Provide architectural guidance for new product features, focusing on threat modelling, security design reviews, and compliance (OWASP, GDPR).

• Strong hands-on experience in ethical hacking, penetration testing, or red teaming.
• Proficient in tools such as Burp Suite, OWASP ZAP, and custom scripts.
• Solid understanding of common vulnerabilities (OWASP Top 10, CWE) and secure development practices.
• Comfortable reading and reviewing code in languages such as C#, Python, Java, JavaScript, and SQL.
• Familiarity with frameworks like AngularJS.
• Awareness of AI/LLM-related application security risk is a plus.
• 3-5 years of experience in penetration testing or security consulting preferred.
• Degree in Computer Science, Information Security, or a related field.
• Professional certifications such as OSCP, OSWE, or BSCP are a strong advantage.
• At least 2 years of experience in information security- related roles.

• A dynamic and collaborative environment where cybersecurity is a strategic priority.
• A team that values creativity, initiative, and continuous improvement.
• To ensure your work-life balance, we offer the option of mobile working.
• We promote your professional and personal development through individual training and further education at the Drees & Sommer Academy.
• We support your health with a bonus for sports enthusiasts. We offer the possibility of subscribing to a private health insurance policy.
• Employees benefit from tax advantages related to their commuting expenses for the office.
• Fiscal advantages for employees expenses in meal costs during worktime. Employee referral program with attractive bonus scheme.
• Supporting career and family by receiving tax benefits for kindergarten expenses.