Application Security Lead (m/f/d)
Job Description
The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitore their fulfillment. This role owns knowledge of common security threats, security controls and associated technologies and practices related to securing the relevant IaaS,PaaS and SaaS cloud platforms, cloud services, and associated IT resources based on cloud technologies.
- Contribue to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.
- Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.
- Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases
- Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses,
- Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third-party libraries vulnerabilities to determine METRO’s exposure to such vulnerabilities and risks.
Qualifications
- Relevant Master’s degree in Computer Science, Information Security, or a related field
- Minimum of 3 years of experience in cyber security, application security or software engineering
- Familiarity with common information security standards (e.g., OWASP, ISO 27001, NIST)
- Familiarity with threat modeling (using STRIDE for example) to identify potential threats and vulnerabilities in systems and applications.
- Proven experiences in implementing DevSecOps approach by integrating SCA, DAST and SAST analysis in CI/CD pipelines.
- Familiarity with vulnerability priortisation approaches
- Advanced skills in building detailed and actionable analysis reports to enable
- Proven project management abilities, ensuring projects are delivered on time and within budget
- Effective stakeholder management with strong communication and coordination skills in complex organizational environments
- Broad knowledge and overview of security architectures and security systems in IT and OT environments
- Fluent English skills
