About Hapag-Lloyd
With a fleet of 264 modern container ships and a total transport capacity of 2.0 million TEU, Hapag-Lloyd is one of the world’s leading liner shipping companies. In the Liner Shipping segment, the Company has around 13,500 employees and 400 offices in 135 countries. Hapag-Lloyd has a container capacity of 2.9 million TEU – including one of the largest and most modern fleets of reefer containers. A total of 113 liner services worldwide ensure fast and reliable connections between more than 600 ports across the world. In the Terminal & Infrastructure segment, Hapag-Lloyd has stakes in 20 terminals in Europe, Latin America, the United States, India, and North Africa. The roughly 2,600 employees assigned to the Terminal & Infrastructure segment handle terminal-related activities and provide complementary logistics services at selected locations.

Summary of the Role

The Enterprise Security Testing Program Lead will be instrumental overseeing and executing comprehensive pen testing programs for uncovering vulnerabilities and weaknesses within our systems and networks, bolstering the security and integrity of our digital assets. Reporting to the Head of Security Operations and part of our CISO team, the candidate will lead and further develop our Security Testing as a Service and other security testing and Red Team capabilities, working closely with our partners and collaborating closely with cross-functional teams to elevate Hapag-Lloyd’s cybersecurity defenses.

In this role, you will have the opportunity to shape the future of Hapag-Lloyd’s cybersecurity strategy by contributing to cutting-edge security solutions and working with a team of passionate professionals dedicated to staying ahead of cyber threats. Hapag-Lloyd is committed to fostering a culture of innovation and continuous learning in the ever-evolving field of cybersecurity. By joining Hapag-Lloyd, you will play a pivotal role in fortifying our digital fortress, safeguarding our organization’s invaluable assets, and navigating the intricate landscape of cyber threats with confidence and expertise.

Hapag-Lloyd’s commitment to excellence extends to providing our team with the resources, training, and opportunities needed to thrive in the cybersecurity domain. If you are ready to lead, innovate, and protect, we invite you to join us in our mission to secure our digital future.

Responsibilities and Tasks

  • Develop, plan, implement, and oversee comprehensive security, penetration testing, red & purple teaming, and vulnerability capabilities & assessments, to identify vulnerabilities in systems, applications, and networks.
  • Provide guidance during penetration testing campaigns and adversary simulation engagements throughout the enterprise.
  • Work closely with Vulnerability Management to conduct comprehensive vulnerability assessments and prioritize vulnerabilities for remediation based on risk and impact.
  • Generate detailed and actionable reports derived from penetration testing, red and purple teaming activities, including recommended remediation steps and security best practices.
  • Work closely with cross-functional teams, including IT, development, and compliance, to ensure alignment on security initiatives and remediation efforts.
  • Promote security awareness and best practices across the organization through training and awareness programs.
  • Evaluate and select security testing tools and manage their implementation for maximum effectiveness.
  • Stay up to date with the latest security threats, trends, vulnerabilities, and industry best practices, and integrate them into the penetration testing program.
  • Ensure compliance with industry standards and regulatory requirements related to penetration testing and adversary simulation.
  • Convey the proper security severity by explaining the risk exposure and its consequences to non-technical stakeholders.
  • Drive the competencies, capabilities, strategies, and methodologies within CISO functions and Hapag-Lloyd in the field of penetration testing.

Requirements and Qualifications

  • Master’s or bachelor’s degree or equivalent technical training in Information Technology, Information Systems Security, Cybersecurity, or related field.
  • Five years of professional experience within information security testing, penetration testing, ethical hacking, red teaming or relevant domain experience in large companies and corporate experience.
  • In-depth knowledge of penetration testing and red/purple teaming methodologies and tools.
  • Strong understanding of operating systems, networks, web applications, and cloud technologies.
  • Industry certifications such as OSCP, OSCE, GPEN, PNPT, CRTO, CRTP are highly desired.
  • A commitment to ethical hacking practices and responsible disclosure of vulnerabilities.
  • Experience working with threat intelligence frameworks (like MITRE ATT&CK/D3FEND), Web Application Security principles (such as OWASP), and security-related legal and regulatory requirements (BSI KRITIS, ISO 27001, …) is convenient.
  • Strong analytical and problem-solving skills to identify and assess vulnerabilities and recommend solutions.
  • Demonstrated leadership abilities, including the ability to motivate and mentor a team of cybersecurity professionals.
  • Experience in tech, security or shipping industry would be desired but not essential.
  • Strong interpersonal skills to facilitate building relationships within the organization, with key stakeholders, such as IT and business partners, to coordinate activities and professionally communicate findings.
  • Ability to support yourself and other team members in development: Act as ONE Team.
  • Fluent both in written and spoken English.

We offer

  • Dynamic and modern working atmosphere in a newly renovated, modern office in the heart of Hamburg’s city center
  • At least 28 days of vacation, flextime, capital-forming benefits, hybrid work model
  • Subsidy for public transportation
  • Bike leasing for all positions
  • Restaurant and coffee bar
  • Health and company sports programs (e.g., yoga, sailing, fitness courses, and much more)
  • Corporate volunteering cooperation with purpozed


Save time with your application and send us only your CV for now. You can easily apply online by using our application tool. 

We kindly ask recruiters and employment agencies to refrain from sending us unsolicited profiles and CVs of potential applicants for this or other positions advertised on our website.

Contact person

Dawid Bujalla Manager Talent Acquisition & Employer Branding