(Senior) Product Security Manager (m/f/x) onsite / remote in Germany

(Senior) Product Security Manager (m/f/x) onsite / remote in Germany

• Full-time

Scalable Capital is a leading digital investment platform in Europe, empowering individuals to shape their financial futures. Our offerings include the Scalable Broker for investing in stocks, ETFs, and exchange-traded products, as well as Scalable Wealth, a digital wealth management service. We also operate the European Investor Exchange (EIX), a stock exchange for retail investors across Europe, with over 27 billion euros held on our platform by more than one million clients.

Founded in 2014, we employ over 500 people across Munich, Berlin, Vienna, and London. Together with our leadership team, including Erik Podzuweit and Florian Prucker, we are developing a new generation of financial services.

We are seeking an experienced security leader to develop and lead our Product Security program. You will define the secure-by-design strategy for all customer-facing products, oversee architecture reviews and penetration testing, and collaborate closely with engineering and DevOps to embed security controls throughout the development lifecycle. Your responsibilities will include roadmap planning, people development, and cross-functional communication.

Key responsibilities

1. Define and execute the product-security roadmap, including design reviews, threat modeling, penetration testing, secure coding standards, and testing automation.
2. Lead and mentor a multidisciplinary team of security experts.
3. Conduct risk assessments and facilitate threat modeling workshops.
4. Establish and maintain product-security playbooks, review checklists, and engagement models for engineering teams.
5. Coordinate vulnerability remediation efforts, providing clear risk assessments and status updates to product, engineering, and executive leadership.
6. Serve as the main point of contact for product squads, ensuring timely security reviews and pragmatic guidance.
7. Promote a security champion network by organizing workshops and sharing best practices to embed security-by-design throughout the SDLC.
8. Ensure compliance of product security processes with relevant regulations and industry standards.

Qualifications:

• 6+ years of application or product security experience, including 2+ years in a leadership role.
• Proven track record in establishing secure development lifecycle practices, threat modeling, penetration testing, and vulnerability management workflows.
• Solid understanding of modern cloud and application architectures, CI/CD pipelines, and offensive security testing techniques.
• Hands-on experience with code review, threat modeling, and penetration testing.
• Strong leadership, project management, and stakeholder communication skills.
• Excellent written and verbal communication skills, capable of conveying risks to both technical and non-technical audiences.
• Familiarity with threat modeling frameworks, secure coding standards, and industry compliance requirements.
• Relevant certifications (CISSP, CSSLP, OSWE/OSCP, or equivalent) are advantageous.

What we offer

• Be part of a fast-growing, impactful Fintech startup creating innovative services for our customers.
• Work with an international, diverse, and inclusive team passionate about building the best products.
• Option to work from our centrally located offices in Munich or Berlin, or remotely within Germany (if eligible).
• Access to the latest hardware and tools to support your work.
• Opportunities for learning and growth through knowledge sharing sessions and an Education Budget.
• Experience German culture firsthand with free language classes.
• International relocation support.
• Flexible vacation policy and the option to work from abroad.
• Competitive compensation and company pension scheme.
• Monthly contribution of 25% for the ‘Deutschland Jobticket’.
• Complimentary PRIME+ Broker subscription, replacing order commissions.

#J-18808-Ljbffr