Company Description
METRO is a leading international food wholesaler which specialises in serving the needs of hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). Around the world, METRO has approx. 15 million customers who benefit from the wholesale company’s unique multichannel mix: customers can purchase their goods in one of the large stores in their area as well as by delivery (Food Service Distribution, FSD) – all digitally supported and connected. In parallel, METRO MARKETS is being developed as an international online marketplace for the needs of professional customers which has been growing and expanding continuously since 2019. Acting sustainably is one of the company principles of METRO which has been listed in various sustainability indices and rankings, including MSCI, Sustainalytics and CDP. METRO operates in more than 30 countries and employs over 85,000 people worldwide. In financial year 2023/24, METRO generated sales of €31 billion.
At METRO, we have set ourselves ambitious goals with our “sCore” growth strategy which is closely accompanied by our Fundamentals. These shared values provide us with rules of conduct that are binding for everyone at METRO, in all countries and companies. Our commitment to wholesale is at the forefront of our mission, and we are constantly striving to improve. With our ONE METRO spirit, everyone stands together, bringing curiosity, determination, courage, drive, commitment, and trust. Find out more about METRO at careers.metroag.de.
Job Description

The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitore their fulfillment. This role owns knowledge of common security threats, security controls and associated technologies and practices related to securing the relevant IaaS,PaaS and SaaS cloud platforms, cloud services, and associated IT resources based on cloud technologies.

• Contribue to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.
• Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.
• Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases
• Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses,
• Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third-party libraries vulnerabilities to determine METRO’s exposure to such vulnerabilities and risks.

QUALIFICATIONS

• Relevant Master’s degree in Computer Science, Information Security, or a related field
• Minimum of 3 years of experience in cyber security, application security or software engineering
• Familiarity with common information security standards (e.g., OWASP, ISO 27001, NIST)
• Familiarity with threat modeling (using STRIDE for example) to identify potential threats and vulnerabilities in systems and applications.
• Proven experiences in implementing DevSecOps approach by integrating SCA, DAST and SAST analysis in CI/CD pipelines.
• Familiarity with vulnerability priortisation approaches
• Advanced skills in building detailed and actionable analysis reports to enable
• Proven project management abilities, ensuring projects are delivered on time and within budget
• Effective stakeholder management with strong communication and coordination skills in complex organizational environments
• Broad knowledge and overview of security architectures and security systems in IT and OT environments
• Fluent English skills
  Additional Information

• Contribue to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.
• Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.
• Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases
• Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses,
• Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third-party libraries vulnerabilities to determine METRO’s exposure to such vulnerabilities and risks