Cyber Security Engineer (m/w/d)

The Schwarz IT supports the entire digital infrastructure and all software solutions of the companies of the Schwarz Group. It is therefore responsible for selecting, providing and operating as well as further developing IT infrastructures, IT platforms and business applications. In order to optimally support the departments through IT solutions in their business processes, the Schwarz IT takes up the requirements of the departments in consultations and works together with these professional and efficient IT solutions. Definition and integration of cyber security best practices throughout the software development cycle (SSDLC). Close cooperation with developers, architects and product managers to implement ''Security by Design''. Implementation and establishment of Threat-Modeling processes. Build and support a security-champion program for scaling security knowledge. Development and execution of security awareness trainings for developers. Ownership, management and further development of the security tool landscape (SAST, DAST, SCA). Development of own tools and automation of security processes.

You have completed a degree in computer science or IT security, or you have a comparable qualification through several years of professional experience. You bring well-founded experience in Application Security, DevSecOps or a related field. You have sound programming skills, ideally in Python, to analyze code and develop your own security tools. You are sure to configure security tools for SAST, DAST and SCA (e.g. SonarQube, Snyk, Nessus). You understand the security architectures of cloud (AWS, GCP) and container environments (Docker, Kubernetes). You have experience in integrating security automation into CI/CD pipelines. You can not only apply the Secure Software Development Lifecycle (SSDLC), but also strategically develop it. You have already successfully performed Threat Models and ideally helped establish the process. You have a deep understanding of common attack patterns like the OWASP Top 10. You are able to develop a clear strategy for application security and represent it convincingly. You act as a communicative bridge builder between development and management. You have already successfully enabled teams through knowledge transfer (e.g. through security championship programs). You are characterized by high self-responsibility and a proactive way of working. You work solution-oriented and pragmatic. JOBV1_EN