The Security Architecture department is part of the Group Chief Information Security Office, which protects DHL Group against cyber-attacks and strengthens the Group’s activities in the field of cybersecurity. It covers the relevant technological aspects and is responsible for the domain-specific development and further enhancement of a Group-wide security architecture, with the goal of ensuring and continuously improving IT security and cyber resilience for DHL Group.
Senior Expert (m/f/d) 085‑5 / AT nltd Level 2 (BesGr A 14/A 15)
IT Security Senior Specialist (m/f/d)
Key Responsibilities
Identify external and internal threat scenarios for the Group and develop cross‑functional solutions - including technological measures and strategic roadmaps - to ensure a unified, Group‑wide security architecture
* Analysis of cybersecurity IAM trends relevant to DHL Group (e.g., regulations, technology developments e.g. AI, Cloud, NHI).
* Creation of IAM specific risk assessments as part of the technical security architectures design work (cost, benefit, risk reduction, etc.).
* Evaluation of IAM specific threat scenarios relevant to DHL Group and the development of a IAM security architecture including target state, gap and risk analysis, and roadmaps.
o Development of high-level IAM security architectures — from requirements gathering to roadmaps.
o Definition of IAM-related security standards and security baselines.
o Development of reusable security architecture artefacts (patterns, blueprints).
* Continuous stakeholder management with business and experts representatives to identify action areas (e.g., EIAM – Cloud, On-Premise, CIAM, etc. ) and develop security solutions.
o Steer solution design and implementation as a Subject Matter Expert.
o Exchange, align, and present within Group-wide working groups, business divisions, and IT security forums.
* Assess and validate the current IT infrastructure security posture vs. industry best practices, guidelines and threats.
o Provide recommendation to improve security and reduce risks.
o Propose improvements based on best practices (e.g., based on ISO or NIST).
Professional Requirements
* Completed university degree, preferably in Computer Science or comparable qualification.
* Many years of relevant professional experience in the Identity and Access management domain, preferably proven experience delivering IAM architecture in large organizations.
* Excellent knowledge and experience in security architecture roles – developing technology-specific and enterprise-level security architecture (target state, roadmaps).
* Experience in the architecture and design of IAM solutions with deep technical and preferably with the following technologies (or similar technologies)
o Cloud and On-premises IAM solutions such as Microsoft Entra ID, Intune, AppProxy, Active directory, Google Cloud Identity, Ping Identity, Okta.
o PAM solutions such as Cyber Ark / BeyondTrust
o IGA solutions such as SailPoint / Oracle OIG
o Identity Federation, SSO and MFA, passwordless (FIDO2)
o AuthZ and AuthN technologies and protocols (SAML, OAuth2, OIDC, Kerberos)
o Zero Trust Architecture (NIST 800-207 or similar)
* Deep understanding of attackers’ mindset and offensive security, preferably offensive security training (OSCP+/ CEH or similar)
* Very good English language skills, German language skills is an advantage
Personal Requirements
* Strong analytical and conceptual skills.
* Excellent communication and presentation skills.
* Strong team orientation and excellent relationship-building skills.
* High degree of adaptability to different working styles and cultures.
* Integrity and loyalty.
Notes for Applicants:
* Please apply with your complete documents (resume, cover letter, and certificates) online via the application link in the job posting.
* Contact persons: Christian Klenner, Telefon +49 (0) 228 18951938
* We welcome applications from all individuals – regardless of age, gender, origin, religion, or physical characteristics.
* Severely disabled individuals and those with equal status will be given preference when qualifications are equal.