Company Description
METRO is a leading international food wholesaler specializing in serving hotels, restaurants, and caterers (HoReCa) as well as independent merchants (Traders). With approximately 15 million customers worldwide, METRO offers a multichannel shopping experience: customers can purchase in large stores or via digital delivery supported by Food Service Distribution (FSD). METRO MARKETS is an expanding online marketplace for professional customers, operational since 2019. The company operates in over 30 countries, employs more than 85,000 people, and generated sales of €31 billion in 2023/24. METRO is committed to sustainability, listed in indices such as MSCI, Sustainalytics, and CDP, and adheres to its sCore growth strategy and core values of curiosity, determination, courage, drive, commitment, and trust. More about METRO can be found on our website.
Job Description
The role involves defining security requirements for METRO's cloud platforms based on industry standards and regulations, and monitoring their compliance. The candidate will possess knowledge of security threats, controls, and technologies related to IaaS, PaaS, and SaaS cloud services, supporting secure cloud operations.
* Develop relevant guidelines and standards for application security, cryptography, and software development.
* Ensure adherence to security and data privacy best practices throughout the software development lifecycle (SDLC).
* Maintain technologies and processes for continuous integration/continuous deployment (CI/CD), including automatic security validations.
* Assist software engineering teams in addressing vulnerabilities and weaknesses.
* Support cyber defense teams in assessing risks from vulnerabilities in software or third-party libraries.
Qualifications
* Master's degree in Computer Science, Information Security, or related field.
* At least 3 years of experience in cybersecurity, application security, or software engineering.
* Knowledge of security standards such as OWASP, ISO 27001, NIST.
* Experience with threat modeling (e.g., STRIDE).
* Proven experience with DevSecOps, integrating SCA, DAST, and SAST in CI/CD pipelines.
* Understanding of vulnerability prioritization approaches.
* Ability to produce detailed, actionable analysis reports.
* Strong project management and stakeholder management skills.
* Broad knowledge of security architectures in IT and OT environments.
* Fluent in English.
Additional Information
What We Offer
* Flexible working hours, mobile working options, and 30 days of holidays.
* Comprehensive training programs.
* Health and well-being initiatives, including health checks, medical care, and employee assistance.
* Campus amenities: gym, sports classes, coffee bar, canteen, events.
* Employee discounts on store purchases and partner services.
* Good transport links, free parking, JobBike.
* Company pension contributions.
* Family support: daycare centers and holiday camps for employees' children.