Start date:
09/2025
End date:
11/2025 + option
Employment type:
Freelance
Region:
Berlin/FFM & remote
Description:
For our client, we are looking for a Security Engineering Architect (m/f/d) OWASP, SAST & DAST, starting immediately, for an expected period until 11/2025 with the option of a long-term extension. In this large greenfield project, you can contribute to the energy transition using modern technologies. The project is planned as a full-time engagement. At least 3 days per month take place on site in Frankfurt am Main or Berlin.
Note: Please refrain from applying if you do not meet all minimum criteria.
Project Description:
The team is building an internal platform for software product developers to accelerate the development and delivery of software products that tackle the massive challenges facing the energy sector. The platform is a service-oriented, cloud-native platform that is being built to provide application teams with self-service capabilities to develop, run and operate their software products. The platform provides services for application infrastructure, data, service lifecycle management, application build and delivery, as well as services to operate their software products. The platform is deployed as a hybrid cloud, encompassing both private cloud and selected public clouds.
Targets in that Position:
- Consultancy in central and integrated automated security testing tools
- Coordination of DevSecOps practices across the platform
- Consultancy in security vulnerability management capabilities
- Consultancy in application-level security analysis and assessments
Must-Have:
- Experience in security architecture principles, secure design patterns, and frameworks
- Experience in secure code analysis adhering to standards like OWASP
- Experience in SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing)
- Experience with tools integrating security into CI/CD pipelines (e.g. SonarQube, Snyk, Trivy, Aqua)
- Experience in vulnerability management tools and related processes
Nice-to-Have:
- Hands-on experience with secure development practices (e.g., OWASP Top 10, secure coding standards)
- Familiarity with private cloud and sovereign cloud platforms
- Familiarity with DevSecOps practices and tools for integrating security into platform development
- Experience in threat modeling and related standards (OWASP, STRIDE)
- Experience in Kubernetes security (CKS or CNCF related)
- Experience in security & compliance standards and frameworks including ISO/IEC 27001, CSA CCM, BSI Grundschutz, CSI, NIST CSF, NIST OSCAL, etc.
- Experience in sector-specific regulations (e.g. NIS2, CRA, KRITIS, BSI C5, …)
- Experience with cloud posture management and detection tools (CSPM, KSP, Workload protection)