About Hapag-Lloyd
With a fleet of 264 modern container ships and a total transport capacity of 2.0 million TEU, Hapag-Lloyd is one of the world’s leading liner shipping companies. In the Liner Shipping segment, the Company has around 13,500 employees and 400 offices in 135 countries. Hapag-Lloyd has a container capacity of 2.9 million TEU – including one of the largest and most modern fleets of reefer containers. A total of 113 liner services worldwide ensure fast and reliable connections between more than 600 ports across the world. In the Terminal & Infrastructure segment, Hapag-Lloyd has stakes in 20 terminals in Europe, Latin America, the United States, India, and North Africa. The roughly 2,600 employees assigned to the Terminal & Infrastructure segment handle terminal-related activities and provide complementary logistics services at selected locations.

We are seeking a highly skilled and experienced Platform Security Lead (PSL), to join our team and strengthen the security posture of our platforms.  

As the Platform Security Lead within the CISO Department, you will be responsible for driving security by design in the IT & Development teams, assessing potential security threats or breaches, setting awareness on security aspects to consider bringing up, and driving security requirements in cooperation with our CISO Teams.

To be a successful PSL, you should have excellent attention to details, as well as strong strategic planning skills. Outstanding PSLs display excellent communication, interpersonal, and top-notch technical skills. 

Responsibilities and Tasks

As Platform Security Lead, make an impact at Hapag-Lloyd by

  • Driving security by design in the IT & development teams
  • Performing risk assessments to eliminate as many potential risks as possible, to include: preforming designs reviews, producing security requirements, preforming gap analysis, validating security controls implementation, supporting pen-tests activities, supporting IT teams with advice on vulnerabilities’ remediation activities, articulate existing risks to support risk acceptance processes, as well as issuing formal Risk Opinion reports
  • Driving the conception of DevSecOps within our DevOps teams
  • Being the First Point of Contact for almost all security-related topics. The platform security lead will act as the conduit to expertise available within the CISO department
  • Formally assessing information security risks related to solution / business projects, determining the potential impact of those risks, and conducting follow-up, throughout the project lifecycle, on any necessary remediation efforts
  • Working hand-in-hand with IT teams (developers, architects, product owners, business) to serve the platform’s requirements and CISO requirements to ensure that the security posture is in line with the risk appetite and threat landscape
  • Developing a specialized knowledge of and key relationships with the platform, ensuring that security is imbedded in the platform and that its security needs are being met
  • Collaborating with other team members to identify opportunities for implementing common security solutions
  • Supporting our CISO Risk & Compliance team and participating in the creation, review and update of information security policies 
  • Remaining up to date with the latest security systems, tools, trends, and technology

Requirements and Qualifications
At Hapag-Lloyd, you’ll be working for one of the leading shipping companies in the world. You are bursting with the ambition to keep up with us. And specifically for this vacancy as a Platform
Security Lead for the CISO department, you are skilled at communication, presentation and stakeholder management. You supplement these skills with

  • Master’s or Bachelor’s degree or equivalent technical training in Information Technology, Information Systems Security, Cybersecurity, or related field
  • Minimum 4 years of relevant IT and Information Security experience and you can act independently with minimal supervision
  • Experience with security architectures such as cloud, mobile, enterprise, web and app security architecture
  • Proven experience with any of the following threat modelling frameworks: MITRE ATT&CK, STRIDE, PASTA
  • Understanding core concepts of: ISO 27001, ISO 27017, NIST, NTSC, OWASP, CIS, CVSS
  • Experience with security tests in place to fight off things like code execution, SQL injection and cross site scripting
  • Experience with security in cloud computing and microservices architecture
  • Familiarity with security-related legal and regulatory requirements
  • Demonstrate specialized knowledge in web application security and mobile application security, including data protection methods, and as required, share this expertise with other team members to facilitate ongoing activities
  • Be a generalist specialist with a good breath of knowledge across several of security with deep expertise in 2 or 3 areas
  • Excellent communication skills and the ability to translate technical jargon for non-technical stakeholders

German language expectations: We expect all international candidates to be willing to learn at least the basics of the German language in case they are accepted for the position. This will enable you to participate in social and community life in Germany and at our company premises in the best possible way.

What we offer

  • Dynamic and modern working atmosphere in a newly renovated, modern office in the heart of Hamburg’s city center
  • At least 28 days of vacation, flextime, capital-forming benefits, hybrid work model
  • Subsidy for public transportation
  • Bike leasing for all positions
  • Restaurant and coffee bar
  • Health and company sports programs (e.g., yoga, sailing, fitness courses, and much more)
  • Corporate volunteering cooperation with purpozed.org

#hapaglloyd

Save time with your application and send us only your CV for now. You can easily apply online by using our application tool. 

We kindly ask recruiters and employment agencies to refrain from sending us unsolicited profiles and CVs of potential applicants for this or other positions advertised on our website.

Contact person

Dawid Bujalla Manager Talent Acquisition & Employer Branding