G+D MAKES THE LIVES OF BILLIONS OF PEOPLE AROUND THE WORLD MORE SECURE. WE CREATE TRUST IN THE DIGITAL AGE WITH INTEGRATED SECURITY TECHNOLOGIES IN THREE BUSINESS AREAS: DIGITAL SECURITY, FINANCIAL PLATFORMS AND CURRENCY TECHNOLOGY. WE HAVE BEEN A RELIABLE PARTNER FOR OUR CUSTOMERS FOR OVER 170 YEARS WITH OUR INNOVATIVE SOLUTIONS FOR SECURITYTECH! WE ARE AN INTERNATIONAL TECHNOLOGY GROUP AND TRADITIONAL FAMILY BUSINESS WITH OVER 14,000 EMPLOYEES IN 40 COUNTRIES. CREATING CONFIDENCE IS OUR PATH TO SUCCESS. TRUST IS THE BASIS OF OUR CO-OPERATION WITHIN G+D. MAYBE SOON FOR YOU TOO?

G+D makes the lives of billions of people more secure. We develop innovative products and solutions to secure payments, identities, connectivity and data. With more than 160 years of experience and new passion every day. As an international technology group and traditional family business with over 11,000 employees in 32 countries. We are convinced that various central banks will introduce a digital version of their currency, a so-called Central Bank Digital Currency (CBDC) in the coming years. This will create an entirely new market for products and services that fit perfectly with Giesecke+Devrient’s product portfolio. It especially requires an outstanding team to deliver a disruptive innovation of that magnitude. For this, we have set up G+D advance52 GmbH as an independent start-up with a team that has a clear mission for growth and to create a substantial product business. Security is the most crucial prerequisite for the introduction and operation of a CBDC ecosystem. In this domain we expect yet to be defined security standards way beyond standard payment rails. We need to ensure that we guarantee the required security in terms of our technical design, the product portfolio we build, the operation of a CBDC ecosystem and also from an organizational perspective. We are therefore looking for a Lead Software Security Architect- CBDC (m/f/d) to take on these challenging tasks and ensure that we provide the level of trust that G+D has been valued for by its customers for 170 years.

DESIRED EXPERIENCE:

• Master degree in computer science, security / information security or a related field including engineering, mathematics, physics and other STEM subjects, or equivalent professional experience (5+ in a comparable position in industry or public functions)
• Several years of professional experience in building secure software solutions
• Demonstrated ability to perform the functions of a software security architect in a similarly complex environment, preferably in the domain of a complex product development undertaking
• Solid knowledge developing secure web applications with Go, Rust and in securing containerized applications (Docker, K8s)
• Practical experience in leading threat analysis and using the STRIDE model
• Plus: Experience in IT-security on a critical infrastructure / governmental level/ financial market infrastructure
• Plus: Knowledge and practical experience in the application of relevant standards and norms (e.g., OWASP SAMM / ASVS, ISO 27k, Common Criteria, CROE)

• Oversee, coach and steer the definition, implementation and continuously improvement of a secure development process for our product offering, including the development of security guidelines
• Conduct threat modelling and risk assessments for every stage of the product lifecycle
• Select, implement and run static and dynamic application security testing (SAST/DAST) tools
• Collaborate with developers to integrate secure coding practices into CI/CD pipelines
• Work with engineering teams to ensure proper encryption, authentication, and authorization mechanisms are implemented
• Troubleshoot and resolve specific security-related challenges, such as configuring secure APIs or implementing secure data storage practices
• Constantly raise awareness for security related topics for the development team and give hands on support on how to implement relevant security measures into our development processes and secure operations
• Respond to local, internal security audits, analyze audit results and support to define mitigative actions