Own and manage application security strategies, aligned with regulatory standards and industry frameworks such as ISO 27001 and SLSA
Standardize security processes and create standard operating procedures (SOPs) and work instructions
Drive vulnerability management practices, ensuring seamless integration of data from various sources (e.g., GitHub, JFrog)
Provide technical solutions and tools, leveraging AWS and Terraform, to support secure development practices and security by design
Offer advisory and enablement services to solution delivery teams on security practices and tools (e.g., threat modeling, software composition analysis, SAST, CodeQL)
Oversee the onboarding of open-source software, conduct/automate risk assessments, and review risk check results to ensure secure integration
Introduce KPIs and metrics to measure and report on the effectiveness of security processes and tools

A university degree in Informatics, Computer Science, or a related field
At least 7 years of professional experience in application security, security engineering, secure software development, or a similar domain
In-depth knowledge and hands-on experience in application security and secure development practices
Strong familiarity with industry standards and frameworks such as OWASP Top 10, SLSA Framework, ISO 27001, SAST/DAST, threat modeling, and security tools (e.g., CodeQL)
Advanced programming skills combined with expertise in CI/CD pipelines and cloud technologies (e.g., Terraform, AWS)
Excellent stakeholder management and communication skills, with the ability to convey complex security concepts to diverse audiences
A proactive mindset and the ability to thrive in a fast-paced, dynamic work environment
Detail-oriented with a strong focus on operational efficiency and compliance
Fluency in both English and German, with exceptional written and verbal communication skills

Associate Director – Application Security

Key skills