Application Security Lead (m/f/d)

Stellenbeschreibung:

Job Description

The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitor their fulfillment. This role owns knowledge of common security threats, security controls and associated technologies and practices related to securing the relevant IaaS, PaaS and SaaS cloud platforms, cloud services, and associated IT resources based on cloud technologies.

Contribute to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.
Contribute to ensure that each step of the software development lifecycle (SDLC) used by software engineers across METRO is following best practices in terms of information security and data privacy.
Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases.
Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses.
Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third‑party libraries vulnerabilities to determine METRO's exposure to such vulnerabilities and risks.

Qualifications

Relevant Master's degree in Computer Science, Information Security, or a related field
Minimum of 3 years of experience in cyber security, application security or software engineering
Familiarity with common information security standards (e.g., OWASP, ISO 27001, NIST)
Familiarity with threat modeling (using STRIDE for example) to identify potential threats and vulnerabilities in systems and applications.
Proven experience in implementing DevSecOps approach by integrating SCA, DAST and SAST analysis in CI/CD pipelines.
Familiarity with vulnerability prioritisation approaches
Advanced skills in building detailed and actionable analysis reports to enable
Proven project management abilities, ensuring projects are delivered on time and within budget
Effective stakeholder management with strong communication and coordination skills in complex organizational environments
Broad knowledge and overview of security architectures and security systems in IT and OT environments
Fluent English skills

Benefits

Work-life balance

Flexible working time models with the option of mobile working in consultation with your line manager, 30 days holiday.

Learning & development

A comprehensive range of training courses via our own training centre or external providers.

Well-being

Health days with lots of health checks and information about your well‑being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance programme.