Job description
Application Security Manager
Berlin (Hybrid)
Stott and May are proud to be working with one of the market leaders in developing AI-driven software for energy management, production, and logistics, specializing in optimizing, controlling, and simulating industrial processes. Due to continued growth within their Security division, we are looking for an Application Security Manager to join the business.
Responsibilities
1. Communicate technical information to both technical and non-technical stakeholders, including senior leadership and customers
2. Enable and support product-specific application security roles across our various business units
3. Coordinate, align, track and steer business unit specific product and project security roles to achieve secure SDLC implementation across the business
4. Form a community and foster knowledge exchange, provide guidance, feedback, training and professional development opportunities to the business unit application security roles
5. Collaborate with cross-functional teams, including development, operations, security, and compliance, to ensure effective communication of security risks and recommendations
6. Define and implement application security measures
7. Design secure SDLC and create corresponding concepts, standards and guidance materials
8. Select, introduce and operate SAST and DAST
9. Design Threat Modelling using industry frameworks like STRIDE or PASTA and implement together with Product Security Officer
10. Coordinate information security test management
11. Ensure security across CI/CD pipelines and practices
12. Application vulnerability and patch management, including SBOM
13. Ensure compliant use of open-source software licenses
14. Promote secure coding practices and educate developers on the importance of security in software development
15. Design and implement secure application architectures that align with organizational security policies and standards
Requirements
16. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10) and remediation strategies
17. Proficiency in secure coding practices and development methodologies
18. Experience with cloud-based platforms and containerization (e.g., Docker)
19. Knowledge of security frameworks and standards (e.g., IEC, NIST Cybersecurity Framework, OWASP Top 10, OWASP ASVS)
20. CISSP or related security certifications are a plus
21. Great enthusiasm for Information Security
22. Intrinsic motivation and never-ending curiosity
23. Quick-thinking, continuously learning personality, able to dive into new topics quickly and to filter and digest the relevant information
24. Inquisitive and analytical mindset
25. Strong problem-solving and analytical abilities
26. Excellent verbal and written communication skills, clear and to the point
27. Proactive, driving attitude, happy to collaborate with others
28. Ability to work comfortably in a lean and agile environment
What's on offer
29. Modern environment with flat hierarchies
30. Modern hardware and the opportunity to work with cutting-edge technologies
31. Flexible working model with home office days
32. Training budget for personal growth
33. 30 days vacation
34. Events for employees to celebrate our achieved goals and great team-spirit
35. Corporate benefits and insurances