Overview
The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on industry standards and regulations, and to monitor their fulfillment. This role owns knowledge of common security threats, security controls, and associated technologies and practices related to securing the relevant IaaS, PaaS and SaaS cloud platforms, cloud services and associated IT resources based on cloud technologies.
Responsibilities
- Contribute to developing relevant guidelines and standards related to application security, cryptography management, and any relevant areas for software development.
- Contribute to ensuring that each step of the software development lifecycle (SDLC) used by software engineers across METRO follows best practices in information security and data privacy.
- Contribute to developing and maintaining the technologies and processes needed in continuous software development processes (CI / CD pipelines), including tollgates that automatically validate security controls during the development and deployment phases.
- Support software engineering teams across METRO to address identified software vulnerabilities and weaknesses.
- Support cyberdefense and software engineering teams in case of identified risks or security alerts related to software or third-party libraries, to determine METRO’s exposure to such vulnerabilities and risks.
Qualifications
- Relevant Master’s degree in Computer Science, Information Security, or a related field
- Minimum of 3 years of experience in cybersecurity, application security, or software engineering
- Familiarity with common information security standards (e.g., OWASP, ISO 27001, NIST)
- Familiarity with threat modeling (using STRIDE, for example) to identify potential threats and vulnerabilities in systems and applications
- Proven experience in implementing DevSecOps by integrating SCA, DAST, and SAST analyses in CI / CD pipelines
- Familiarity with vulnerability prioritization approaches
- Advanced skills in building detailed and actionable analysis reports to enable decision making
- Proven project management abilities ensuring projects are delivered on time and within budget
- Effective stakeholder management with strong communication and coordination skills in complex organizational environments
- Broad knowledge and overview of security architectures and security systems in IT and OT environments
- Fluent English skills
Additional Information
What We Offer
- Work-life balance: Flexible working hours with the option of mobile working in agreement with your line manager; 30 days of holidays
- Training: A comprehensive training offer via our own training center or externally
- Well-being: Health days with health checks and information about well-being; company medical care including preventive services such as flu shots and EAP
- Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, campus events
- Discounts: Discounted Jobticket and discounts in wholesale stores and at partner companies
- Comfort: Good transport connections, free parking spaces, JobBike
- Company pension plan: Contribution to company pension
- Family driven: Three daycare centers on campus; support of holiday camps for children of employees
Employment Type: Full-time
Vacancy
1