-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

RFC 2350 Profile - New Work Security Team
=========================================

1. About this document

This document describes the New Work Security Team according to RFC 2350.

It is intended to provide the general Internet community and other
security teams with basic information.


1.1. Date of Last Update

This version was published on 2025-04-10.


1.2 Distribution List for Notifications

There is no distribution list for this document.
Our RFC 2350 profile is kept up-to-date on the location named in section 1.3.


1.3 Locations where this Document May Be Found

The current version of this document is available on our website:

  https://www.new-work.se/.well-known/rfc-2350.txt


1.4 Authenticating this Document

This document is available via HTTPS. It is clearsigned with the following key:

  https://www.new-work.se/.well-known/openpgpkey/nwse-security.asc


2. Contact Information

2.1 Name of the Team

Full name:
  New Work Security and Technical Risk Management Team

Short name:
  New Work Security Team


2.2 Address

  New Work SE
  Security and Technical Risk Management
  Am Strandkai 1
  20457 Hamburg
  Germany


2.3 Time Zone

  CET (UTC+1) / CEST (UTC+2, daylight saving time)


2.4 Telephone Number

  +49 40 419 131 - 0 (ask for the Security Team)


2.5 Facsimile Number

  +49 40 419 131 - 11


2.6 Other Telecommunication Options

  None available.


2.7 Electronic Mail Address

  security-reports [at] new-work [dot] se


2.8 Public Keys and Other Encryption Information

To encrypt sensitive data, please use our PGP key.

 - PGP: 0x4DE98B5552A50B92 (RSA, 4096 bits)
   https://www.new-work.se/.well-known/openpgpkey/nwse-security.asc
   https://keys.openpgp.org/search?q=4DE98B5552A50B92


2.9 Team Members

Tilmann Haak is head of the New Work Security Team and CISO. Management,liaison and
supervision are provided by Björn Linder (Senior Vice President Engineering).


2.10 Other Information

General information about the New Work Security Team and security at New Work in
general can be found at:

  https://privacy.xing.com/en/your-security

We are listed in the TF-CSIRT / Trusted Introducer directory:

  https://www.trusted-introducer.org/directory/teams/xing.html


2.11 Points of Customer Contact

The preferred method for contacting the New Work Security Team is via e-mail
at:

  security-reports [at] new-work [dot] se

We can be reached by telephone during regular office hours.

For general issues, please contact our support at:

  https://www.xing.com/support/contact


3. Charter

3.1 Mission Statement

We assist and advise New Work SE and its subsidiaries (New Work Group) while
asserting New Work Group's security interests vis-à-vis internal and external parties.

Our mission is to ensure that the New Work Group and its customer data are as
secure as possible.

We provide a single point of contact for all security issues affecting
the New Work Group for both internal and external parties.


3.2 Constituency

Our constituency consists of the New Work Group including:

  InterNations GmbH
  NEW WORK AUSTRIA XING kununu onlyfy GmbH
  New Work Networking Portugal Unipessoal Lda.
  New Work Networking Spain S.L.
  NEW WORK XING AG
  Prescreen GmbH i.L.
  kununu GmbH

We are responsible for the following autonomous systems:

  AS50343
  AS207139


3.3 Sponsorship and/or Affiliation

The New Work Security Team is part of New Work SE located in Hamburg, Germany.


3.4 Authority

The Security Team responds to, investigates, and coordinates security
incidents on behalf of the New Work Group.


4. Policies

4.1 Types of Incidents and Level of Support

The New Work Security Team addresses all types of information security
incidents which occur, or threaten to occur, within its remit.

The level of support depends on the severity of the respective incident.
We only provide limited direct support to users of the XING jobs network.
Please contact our support team at:

  https://www.xing.com/support/contact


4.2 Cooperation, Interaction and Disclosure of Information

Within the process of responding to an incident, we will exchange
necessary information with other authorised parties on an appropriate
legal basis.

The New Work Security Team supports the traffic light protocol for information
sharing as published on https://www.first.org/tlp/.
Do not send unencrypted e-mails containing information labelled AMBER or
RED.

We operate under German law. This involves careful handling of
personally identifiable data with regards to data protection and privacy
laws. We may be obliged to disclose information if required by or under
any enactment or by a rule of law or order of a court.


4.3 Communication and Authentication

For sensitive information, use encrypted e-mail (our public keys are
listed in section 2.8). For non-sensitive information, unencrypted
e-mail, fax, or telephone is considered to be sufficient.


5. Services

5.1 Incident Response

The New Work Security Team deals with and assists in the technical and
organisational aspects of information security incidents.

 - Analysis of information security incidents within our remit
 - Assessment of security vulnerabilities


5.2 Proactive Activities

 - Detect malicious activities within the XING jobs network
 - Generate awareness among New Work Group's employees and partner organisations
 - Perform security audits, reviews, and test software applications


6. Incident Reporting Forms

Regarding the XING jobs network, you may use our regular contact
form by going to the topic "Privacy Policy and Security":

  https://www.xing.com/support/contact/security

You can report abuse or suspicious activity directly within the XING
platform, e.g. by using the "report as spam" or "report profile"
functionality.

For all other information regarding security incidents, please contact
us via e-mail.
-----BEGIN PGP SIGNATURE-----

iQJOBAEBCAA4FiEEfnw1fKXUkVvEB/azTemLVVKlC5IFAmf3wXQaHHNlY3VyaXR5
LXJlcG9ydHNAeGluZy5jb20ACgkQTemLVVKlC5LFNg/8DMVKIHDMV0Ncb0MIOld6
DPavGfo3vSlVOFnyxAi6mk8SkNsTVk0VZHpUs+f2QxhmmonxFeHKtBz470oDep2X
P6rX6Zvv5zSSj5d4E4lO+9P3Re77zbQxMiP19Jug/kzaBT0fmIOinGYSv89fS0gj
1/T4RpNZY6f+yiumsy7uEf7Fvo3FgHREnQ1UwgUdaNX5w8yy4cl7+86F2qb9uwtj
RpOvnkCYoWNFN855ivHDhFAkwd0f+RW1b2HNlU9DT1HSH9mT07TxLiUI3obsytXC
o6w4uepg1+QPcx22EFiaF9pDsNndM4EKdeXdujdSsigaIRvkKi/uy3MUOPcamy3f
ZvJ1DRBn+TIvm2oONS3Bot7P9miM/g/w7uWCC2f0a7H/c88XkKNAQDkp6tFgWGyt
Q/6RO/jq2s+s0WsdhkG2QO6VEJM4O5Nwj/5EfeWnUATd/+z4OxS8SswpkiYT9JXR
r22b1Ga/O3Z1qWOPWsmNQGOA8AmHFeHt3IzG5SCzTLPuyWW5/QNSAL90KhByEQbq
XglEzeEGhhyCLep9Bbh5V9tmTGM8Glr2y4NPC/c/IN+04f/SKD+nVsoU0JmCpavM
Bc5MsgUjoCcxgVnpa8I2o3QodLUo88HHSYUuu9AdVGxJ4nZj+oEjdb50miSzhEHK
YyByP3G3JL6nOhTNjE43riE=
=BTTv
-----END PGP SIGNATURE-----