Responsibilities
1. Define and implement application security measures
2. Design secure SDLC and create corresponding concepts, standards and guidance materials
3. Select, introduce and operate SAST and DAST
4. Design Threat Modelling using industry frameworks like STRIDE or PASTA and implement together with Product Security Officer
5. Coordinate information security test management
6. Ensure security across CI/CD pipelines and practices
7. Application vulnerability and patch management incl. SBOM
8. Ensure usage and compliance to open-source software licenses
9. Promote secure coding practices and educate developers on the importance of security in software development
10. Design and implement secure application architectures that align with organizational security policies and standards
11. Collaborate with cross-functional teams, including development, operations, security, and compliance, to ensure effective communication of security risks and recommendations
12. Communicate technical information to both technical and non-technical stakeholders, including senior leadership and customers
Qualifications
1. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10) and remediation strategies
2. Proficiency in secure coding practices and development methodologies
3. Experience with cloud-based platforms and containerization (e.g., Docker)
4. Knowledge of security frameworks and standards (e.g., NIST Cybersecurity Framework, OWASP Top10, OWASP ASVS)
5. CISSP, or related security certifications
6. Great enthusiasm for Information Security
7. Intrinsic motivation, never ending curiosity
8. Quick thinking and continuous learning personality and thus are able to dive into new topics quickly, filter and digest the relevant information
9. Inquisitive and analytical mindset
10. Strong problem-solving and analytical abilities
11. Excellent communication skills verbal and written, clear and to the point
12. Proactivity driver attitude happy to collaborate with others
13. Ability to work comfortably in a lean and agile environment
#J-18808-Ljbffr