Why this role is important for us
At SimCorp, we view security as a mandatory capability of any work process involved in software development and operation. Those capabilities are constantly evaluated and improved to meet ever-increasing demands. Join our security team and support us in continuously improving all aspects of providing secure software solutions and services.
As the Security TechLead, you will support a development department of 900 people improving our secure software development life cycle across products and services. You will be part of a team that engages in both secure design and process development.
We are hiring into a broad area of responsibilities where we can and will design a job according to your profile and interests.
For instance, you can focus on technical design and quality assurance. This includes security testing, penetration testing, secure design, secure standards, and threat modeling. You can also focus on process and policy management including risk assessment in case your interests are more on the governance side.
What you will be responsible for (depending on your interest):
Acting as a technical lead and subject matter expert for our secure application code development, cloud-based infrastructure and network security
Promoting and assisting in reviewing code to enforce security, which includes reviewing pull requests and providing guidance to development teams
Constantly re-evaluating threat models for our application and infrastructure as we rapidly scale our offering, identifying security issues
Developing technical solutions to help mitigate security vulnerabilities, evaluate, implement, and support security-focused tools and services
Participation in enhancing a security strategy focusing on cloud-based infrastructure, networks and applications, supporting security certifications and audits (SOC2 etc.)
Developing security requirements through designing and building prototypes or proofs of concept
Participating in building scalable detection systems and security-focused telemetry tools
Working directly with development teams to establish and enforce security best practices, process improvements and effective security controls for new and existing products
What we value:
Significant experience in secure software development and architecture in two or more languages
Relevant experience as a Security Engineer - building security into a SaaS delivery pipeline
Significant experience in application-level vulnerability testing (e.g. Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, Insecure Cryptographic Storage, etc.);
Experience with code-level security auditing, automated static code analysis tools from a secure software development standpoint;
Experience with common vulnerability scanning and reporting tools (e.g., SonarQube, Mend, Black Duck);
Knowledge of a broad range of attack vectors and exploits (API, OS, database, network and Front End);
Knowledge of cloud computing services/deployment architecture, cloud operations (we use Azure), security, automation and orchestration;
Knowledge of the various cybersecurity frameworks and related industry practices such as NIST, FFIEC, and OWASP
Experience in performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies
Who we are
For over 50 years, we have worked closely with investment and asset managers to become the world’s leading provider of integrated investment management solutions. We are 2,100+ colleagues with a broad range of nationalities, educations, professional experiences, ages, and backgrounds in general.
SimCorp is an equal opportunity employer. We are committed to building a culture where diverse perspectives and expertise are integrated in our everyday work. We believe in the continual growth and development of our employees, so that we can provide best-in-class solutions to our clients.
While striving to deliver client value, we believe it is vital to consider our people and our planet in every business decision we make. Acting responsibly is not optional. It is essential.