Why this role is important for us
At SimCorp, we view security as a mandatory capability of any work process involved in software development and operation. Those capabilities are constantly evaluated and improved to meet ever-increasing demands. Join our security team and support us in continuously improving all aspects of providing secure software solutions and services.
As the Security TechLead, you will support a development department of 900 people improving our secure software development life cycle across products and services. You will be part of a team that engages in both secure design and process development.
We are hiring into a broad area of responsibilities where we can and will design a job according to your profile and interests.
For instance, you can focus on technical design and quality assurance. This includes security testing, penetration testing, secure design, secure standards, and threat modeling. You can also focus on process and policy management including risk assessment in case your interests are more on the governance side.
What you will be responsible for (depending on your interest):
Acting as a technical lead and subject matter expert for our secure application code development, cloud-based infrastructure and network security
Promoting and assisting in reviewing code to enforce security, which includes reviewing pull requests and providing guidance to development teams
Constantly re-evaluating threat models for our application and infrastructure as we rapidly scale our offering, identifying security issues
Developing technical solutions to help mitigate security vulnerabilities, and evaluating, implementing, and supporting security-focused tools and services
Participating in enhancing a security strategy focusing on cloud-based infrastructure, networks and applications, and supporting security certifications and audits (SOC2 etc.)
Developing security requirements through designing and building prototypes or proofs of concept
Participating in building scalable detection systems and security-focused telemetry tools
Working directly with development teams to establish and enforce security best practices, process improvements and effective security controls for new and existing products
What we value:
Significant experience in secure software development and architecture in two or more languages
Relevant experience as a Security Engineer - building security into a SaaS delivery pipeline
Significant experience in application-level vulnerability testing (e.g. Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, Insecure Cryptographic Storage, etc.)
Experience with code-level security auditing, automated static code analysis tools from a secure software development standpoint
Experience with common vulnerability scanning and reporting tools (e.g., SonarQube, Mend, Black Duck)
Knowledge of a broad range of attack vectors and exploits (API, OS, database, network and Front End)
Knowledge of cloud computing services/deployment architecture, cloud operations (we use Azure), security, automation and orchestration
Knowledge of the various cybersecurity frameworks and related industry practices such as NIST, FFIEC, and OWASP
Experience in performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies
Fluent English
Who we are
For over 50 years, we have worked closely with investment and asset managers to become the world’s leading provider of integrated investment management solutions. We are 2,100+ colleagues with a broad range of nationalities, educations, professional experiences, ages, and backgrounds in general.
SimCorp is an equal opportunity employer. We are committed to building a culture where diverse perspectives and expertise are integrated in our everyday work. We believe in the continual growth and development of our employees, so that we can provide best-in-class solutions to our clients.
While striving to deliver client value, we believe it is vital to consider our people and our planet in every business decision we make. Acting responsibly is not optional. It is essential.