Software Cyber Security Lead (m/f/d) at GieseckeDevrient
81677 München, Germany
Full Time


Start Date

Immediate

Expiry Date

21 Sep, 25

Salary

0.0

Posted On

21 Jun, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

ISO, Azure, Digital Security, Security Tools, Strategic Thinking, Dependency Management, Vulnerability, C++, Java, Software Development, Python, Computer Science

Industry

Computer Software/Engineering

Description

REQUIRED SKILLS

  • Master’s degree in computer science and several years of demonstrable experience in the field of software security across different technologies.
  • Sound knowledge of the Secure Software Development Lifecycle and practical experience with the OWASP SAMM model.
  • Strong understanding of security standards and compliance frameworks (e.g. SOC2 Type 2, ISO 27001, BSI, CRA, DORA, PCI DSS).
  • Deep technical understanding of software development (e.g. C, C++, C#, Java, Python) and cloud environments (Azure).
  • Experience with security tools such as static/dynamic code analysis, vulnerability scans and dependency management.
  • Excellent communication and consulting skills as well as the ability to convey complex security topics in an understandable way.
  • Analytical and strategic thinking with a high level of initiative and assertiveness.
  • Very good written and spoken German and English skills.

Responsibilities

  • Responsibility for the cyber security of software development across the development sites in Munich and Gurugram: You ensure that all software products and services are developed according to the highest security standards and follow Security-by-Design and Security-by-Default principles.
  • Implementation and management of the Secure Software Development Lifecycle (SSDLC): You will establish and monitor processes and measures along the entire development cycle in accordance with the OWASP SAMM model.
  • Security awareness and training: You promote security awareness in the development teams through training sessions, workshops and targeted knowledge transfer.
  • Security architecture and reviews: You will advise teams on the secure architecture and threat modelling of software solutions and conduct regular security reviews and threat assessments.
  • Automation of security checks: With the DevSecOps team, you will integrate security tools (e.g. SAST, DAST, Dependency Scanning) into the CI/CD pipelines and ensure automated security checks.
  • Incident management and response: You will develop and improve processes for the secure handling of security incidents and the related response.
  • Close collaboration: You work closely with Development, QA, DevOps, IT Security and other stakeholders across locations.
  • Monitoring and reporting: You will regularly measure and report on the maturity level of software security and derive targeted improvement measures from this.