Secure Software Development Specialist (Chief Security Office CTO)

Requirements

• Knowledge of security standards such as ISO 27001 (or equivalent), OWASP Top 10 (e.g. encryption, security certificates, authorization and authentication, configuration), and prior experience in threat modelling (e.g. STRIDE, MITRE ATT&CK)
• Good understanding of Software Development Lifecycle (SDLC) processes and tools used by developers
• Proven IT security experience in previous positions
• Strong security culture and like spreading security solutions across teams. You like teamwork and engagement with development teams, like to collaborate with anyone around and help people and you are independent and proactive
• Knowledge in software development and coding (e.g. Java or any other programming language)

What the job involves

• TDI’s Chief Security Office is responsible for the creation, maintenance, and implementation of the information security strategy of Deutsche Bank Group
• CSO steers the measures derived from the information security strategy and provides guidance to employees regarding the identification, development, implementation, and execution of all processes which serve to reduce information security risk, to respond to incidents, and to establish appropriate policies and standards for information security management
• You’ll be joining the Secure Software Development Team
• The team’s purpose is to drive the efficient integration of security services into DBs Software Development Processes and CI/CD Platforms, and that security is embedded as early as possible
• Secure Coding Standards, best practices and guidance for application development teams are some of our core deliverables we provide to support security in software development
• As a Secure Software Development Specialist (f/m/x) you will be supporting the "Shift-Left-Approach" to shift security responsibilities to those creating software and shift it towards the beginning of the process
• The responsibility is to define our secure coding standards and continuously enhance our secure coding guidance, blueprints, and best practices on different levels so that this is easy to consume for our developers, but also satisfies external and regulatory requests
• Work with business divisions to identify and train Security Champions from the application teams and work with them on several security topics that will be incorporated into their software projects
• Collaborate with application teams to help them identify the application security threats by moderating the threat modelling game in preparation for the Security Design Authority (SDA) approval process
• Create/Update security guidelines for engineers, by continuously enhancing the guidance documents and confluence pages to address secure code snippets as good practices, checklists etc
• Educate engineers on security best practices and supporting our development communities with patterns on how to embed security in the software development. Organize live sessions, trainings, write security articles for on-prem, GCP or hybrid environments etc
• You prepare and perform security training sessions and demos for engineers maintaining an open communication channel with the engineering communities