Who we are
For over 50 years, we have worked closely with investment and asset managers to become the world’s leading provider of integrated investment management solutions. We are 2,100+ colleagues with a broad range of nationalities, educations, professional experiences, ages, and backgrounds in general.
SimCorp is an equal opportunity employer. We are committed to building a culture where diverse perspectives and expertise are integrated in our everyday work. We believe in the continual growth and development of our employees, so that we can provide best-in-class solutions to our clients.
While striving to deliver client value, we believe it is vital to consider our people and our planet in every business decision we make. Acting responsibly is not optional. It is essential.
Why this role is important to us
As a senior security consultant, you will work on a number of key security initiatives to further enhance the security posture of our products and services. The role reports directly to the CISO (Chief Information Security Officer) and has the potential to influence the security appetite within product development.
We are looking for someone who is able to communicate security technicalities in a way the business understands.
What you will be responsible for:
Serve as a technical lead and subject matter expert for our secure application code development, cloud-based infrastructure and network security;
Promote and assist with code review to enforce security, which includes reviewing pull requests and providing guidance to development teams;
Constantly re-evaluate threat models for our application and infrastructure as we rapidly scale our offering, identifying security issues and prioritizing fixes with key stakeholders;
Maintain strong knowledge of common security vulnerabilities, attack vectors, and remediation techniques;
Participate in enhancing a security strategy focusing on cloud-based infrastructure, networks and applications, supporting security certifications and audits (SOC2 etc.);
Build, maintain and enhance a central security policy for our cloud infrastructure, continuously scan and respond to policy violations;
Develop technical solutions to help mitigate security vulnerabilities, evaluate, implement, and support security-focused tools and services;
Drive security requirements through designing and building prototypes and / or proofs of concept;
Participate in building scalable detection systems and security focused telemetry tools;
Work directly with engineering teams to establish and enforce security best practices, protection objectives, process improvements and effective security controls for new and existing products;
Collaborate closely with the architect community in all SimCorp development divisions.
What we value (our requirements):
5+ years proven experience in secure software development and architecture in two or more languages (e.g. C# and Java);
3+ years of operational experience as a Security Engineer for a cloud SaaS application;
Experience in application-level vulnerability testing (e.g. Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, Insecure Cryptographic Storage, etc.);
Proven experience building security into a SaaS application and delivery pipeline;
Experience with code-level security auditing, automated static code analysis tools from a secure software development standpoint;
Experience with common vulnerability scanning and reporting tools (e.g. SonarQube, WhiteSource, Black Duck);
Experience with building internal penetration testing activities for products and services;
Knowledge of a broad range of attack vectors and exploits (API, OS, database, network and Front End);
Knowledge of cloud computing services/deployment architecture, cloud operations (Azure is a plus), security, automation and orchestration;
Knowledge of the various cybersecurity frameworks and related industry-leading practices such as NIST, FFIEC, and OWASP;
Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies;
Bachelor's or Master's degree in Computer Science or equivalent discipline.
Will be an advantage:
Knowledge of OAuth 2.0 / OpenID Connect;
Experience with vulnerability analysis, software compliance standards (e.g. FedRAMP, SOC2, FIPS, DISA STIG, BSIMM);
Security-based credential (GIAC, CISSP, CSSLP, SSCP, CCSP and CAP);
Ability to debug the full application stack;
Formal background in cryptographic protocols and best practices, including knowledge of symmetric and asymmetric protocols, hashing, key exchange, and certificate management;
Experience operating and configuring Linux systems;
Containerization technologies experience (Docker, Kubernetes).
Please send us your application in English via our career site as soon as possible; we process incoming applications continually. To make sure you receive our emails, please check your junk/spam folder and add SimCorp to the safe list of your e-mail contacts.
Please note: Only applications sent through our system will be processed.