Lieber Besucher,
um Ihnen den best­möglichen Service zu bieten, verwenden wir Cookies. Einige Cookies sind für den Betrieb der Website notwendig. Andere Cookies für anonyme Statistiken, Präferenzen wie Sprache oder die Anzeige von Dritt­anbieter-Inhalten sind optional. Abhängig von Ihrer Auswahl umfasst Ihre Einwilligung auch eine Übermittlung von Daten an Empfänger in Drittstaaten ohne angemessenes Daten­schutz­niveau, wie insbesondere die USA, mit dem Risiko eines Zugriffs durch Behörden dort ohne Rechts­mittel. Unter Datenschutz erhalten Sie weitere Informationen und können jederzeit die Einstellungen für Cookies anpassen.

Application Security Lead (m/f/d)

Professionals without leadership responsibility

Die wichtigsten Fakten

  • Professionals without leadership responsibility
    Professionals without leadership responsibility
  • IT
    IT
  • Full time
    Full time
  • Düsseldorf, NRW, Germany
    Düsseldorf, NRW, Germany

Job Description

The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitore their fulfillment. This role owns knowledge of common security threats, security controls and associated technologies and practices related to securing the relevant IaaS,PaaS and SaaS cloud platforms, cloud services, and associated IT resources based on cloud technologies.

  • Contribue to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.
  • Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.
  • Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases
  • Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses,
  • Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third-party libraries vulnerabilities to determine METRO’s exposure to such vulnerabilities and risks.

Qualifications

  • Relevant Master’s degree in Computer Science, Information Security, or a related field
  • Minimum of 3 years of experience in cyber security, application security or software engineering
  • Familiarity with common information security standards (e.g., OWASP, ISO 27001, NIST)
  • Familiarity with threat modeling (using STRIDE for example) to identify potential threats and vulnerabilities in systems and applications.
  • Proven experiences in implementing DevSecOps approach by integrating SCA, DAST and SAST analysis in CI/CD pipelines.
  • Familiarity with vulnerability priortisation approaches
  • Advanced skills in building detailed and actionable analysis reports to enable
  • Proven project management abilities, ensuring projects are delivered on time and within budget
  • Effective stakeholder management with strong communication and coordination skills in complex organizational environments
  • Broad knowledge and overview of security architectures and security systems in IT and OT environments
  • Fluent English skills

 

Vorteile

Arbeitszeit

Flexible Arbeitszeiten

Weiterbildungsmöglichkeiten

Weiterbildungs­möglichkeiten

Work-Life-Balance

Sportangebote und Mitarbeitergesundheit

Mitarbeiterrabatt

Mitarbeiter­rabatte

Rentenpläne

Rentenpläne

Familienfreundlich

Vereinbarkeit von Beruf und Familie

Arbeitsweg

Vergünstigungen von Jobtickets

Kontakt

METRO
People & Culture
METRO AG

Weitere Angebote, die Sie interessieren könnten

Alle anzeigen