Skills needed:

• Proven experience in software security, DevSecOps, or application security engineering.
• Familiarity with SDLC and secure development practices.
• Expertise with security tools & methodologies: SAST, DAST, vulnerability scanners (Tenable/Nessus, Rapid7, Aquasec/Trivy).
• Experience with SIEM systems like Splunk or Elastic.
• Comfortable using Jira or similar ticketing systems.
• Strong understanding of compliance standards (ISO 27001, SOC 2, PCI- DSS, IT Grundschutz).
• Analytical and problem-solving skills, able to turn complex findings into actionable plans.
• Experience moderating Threat Modelling workshops.
• Deep knowledge of cloud-native development, containers & Kubernetes.
• Development experience in Python and/or Golang.
• Exposure to major cloud providers (AWS, Azure, GCP) or OpenStack.
• Familiarity with physical datacenter infrastructure (storage, network, hypervisors like KVM)

Job description:

• Conduct security and risk assessments across applications and systems to identify vulnerabilities.
• Collaborate with our vulnerability management team to analyze findings, manage false positives, and improve runtime security scanning.
• Create, manage, and resolve Jira backlogs for security issues, exceptions, and risk items.
• Support rollout and implementation of SDOL processes, including documentation, exception handling, and compliance alignment.
• Work with dev & ops teams to integrate security into CI/CD pipelines (SAST, DAST, dependency scanning).
• Develop and maintain security policies, standards, and procedures aligned with ISO 27001, SOC 2, PCI-DSS, IT Grundschutz.
• Configure and optimize security tools & vulnerability scanners to improve detection and efficiency.
• Lead threat modeling & risk assessment workshops to evaluate architectural and operational risks.
• Provide clear documentation and explain complex security concepts to stakeholders.
• Collaborate with architects, service owners, and SGSC contacts to create security concepts for critical projects.