Application Security Manager

Application Security Manager

Berlin (Hybrid)

Stott and May are proud to be working with one of the market leaders in developing AI-driven software for energy management, production, and logistics, specializing in optimizing, controlling, and simulating industrial processes. Due to continued growth within their Security division we are looking for a Application Security Manager to join the business.

Responsibilities

• Communicate technical information to both technical and non-technical stakeholders, including senior leadership and customers
• Enable and support product-specific application security roles across our various business units
• Coordinate, align, track and steer business unit specific product and project security roles to achieve secure SDLC implementation across the business
• Form a community and foster knowledge exchange, provide guidance, feedback, training and professional development opportunities to the business unit application security roles
• Collaborate with cross-functional teams, including development, operations, security, and compliance, to ensure effective communication of security risks and recommendations
• Define and implement application security measures
• Design secure SDLC and create corresponding concepts, standards and guidance materials
• Select, introduce and operate SAST and DAST
• Design Threat Modelling using industry frameworks like STRIDE or PASTA and implement together with Product Security Officer
• Coordinate information security test management
• Ensure security across CI/CD pipelines and practices
• Application vulnerability and patch management incl. SBOM
• Ensure usage and compliance to open-source software licenses
• Promote secure coding practices and educate developers on the importance of security in software development
• Design and implement secure application architectures that align with organizational security policies and standards

Requirements

• Strong understanding of web application vulnerabilities (e.g., OWASP Top 10) and remediation strategies
• Proficiency in secure coding practices and development methodologies
• Experience with cloud-based platforms and containerization (e.g., Docker)
• Knowledge of security frameworks and standards (e.g., IEC, NIST Cybersecurity Framework, OWASP ASVS)
• CISSP, or related security certifications are a plus
• Great enthusiasm for Information Security
• Intrinsic motivation, never ending curiosity
• Quick thinking and continuous learning personality and thus are able to dive into new topics quickly, filter and digest the relevant information
• Inquisitive and analytical mindset
• Strong problem-solving and analytical abilities
• Excellent communication skills verbal and written, clear and to the point
• Proactivity driver attitude happy to collaborate with others
• Ability to work comfortably in a lean and agile environment

Whats on offer

• Modern environment with flat hierarchies.
• Modern hardware and the opportunity to work with cutting‑edge technologies
• Flexible working model with home office days
• Training budget for personal growth
• 30 days vacation
• Events for employees to celebrate our achieved goals and great team‑spirit
• Cooperate benefits and insurances