Company DescriptionMETRO is a leading international food wholesaler serving hotels, restaurants, caterers (HoReCa), and independent merchants (Traders). With approximately 15 million customers worldwide, METRO offers a multichannel shopping experience through large stores and digital delivery services (Food Service Distribution, FSD). METRO MARKETS is an expanding online marketplace for professional customers, active since 2019. The company emphasizes sustainability, being listed in indices like MSCI, Sustainalytics, and CDP. Operating in over 30 countries with more than 85,000 employees, METRO generated €31 billion in sales in the fiscal year 2023/24. Our 'sCore' growth strategy and shared values guide us, emphasizing curiosity, determination, courage, and trust. Learn more about METRO at.Job DescriptionThis role involves defining security requirements for METRO’s cloud platforms, based on industry standards and regulations, and monitoring their compliance. The candidate will possess knowledge of common security threats, controls, and technologies related to securing IaaS, PaaS, and SaaS cloud platforms, services, and IT resources.Contribute to developing guidelines and standards for application security, cryptography, and related areas for software development.Ensure that all stages of the Software Development Lifecycle (SDLC) follow best practices for information security and data privacy.Develop and maintain technologies and processes for inclusion in continuous software development (CI/CD pipelines), including automated security validations.Support software engineering teams in addressing vulnerabilities and weaknesses.Assist cyberdefense and software teams in managing risks or security alerts related to vulnerabilities in software or third-party libraries.QualificationsMaster’s degree in Computer Science, Information Security, or a related field.At least 3 years of experience in cybersecurity, application security, or software engineering.Knowledge of standards like OWASP, ISO 27001, NIST.Experience with threat modeling (e.g., STRIDE).Proven ability to implement DevSecOps practices, integrating SCA, DAST, and SAST in CI/CD pipelines.Understanding of vulnerability prioritization methods.Strong skills in creating detailed analysis reports.Project management experience ensuring timely and within-budget project delivery.Excellent stakeholder management and communication skills.Broad understanding of security architectures in IT and OT environments.Fluent in English.Additional InformationWhat We OfferFlexible working hours, mobile working options, and 30 days of holidays.Comprehensive training programs.Health initiatives, medical care, and employee assistance programs.Campus amenities including gym, sports classes, coffee bar, and discounted meals.Employee discounts, good transport links, free parking, and JobBike.Company pension contributions.Childcare support with daycare centers and holiday camps. #J-18808-Ljbffr