Responsibilities / Tasks
The Application Security Expert (DevSecOps) is responsible for defining global security requirements for the development, operation, and maintenance of all GEA applications, including those embedded in standard products, tailored for customer projects, or delivered as digital services. As part of the Product & Operational Technology Security Team within the CISO organization, this role acts as the primary advisor to application development teams worldwide. The expert drives the adoption of secure‑by‑design practices, ensures alignment with enterprise security objectives, and strengthens GEA’s overall application security posture through proactive guidance and cross‑functional collaboration
1. Defines and governs global security requirements, procedures, and processes for application software development, ensuring consistent alignment with enterprise product security standards.
2. Leads the global implementation of security tools and platforms across the secure development lifecycle (SDLC), enabling scalable and automated security integration in development workflows.
3. Evaluates and ensures adherence to security requirements across all software development teams, divisions, global locations, and external development partners.
4. Conducts strategic security reviews and audits, providing oversight and visibility into the effectiveness of secure development practices and driving continuous improvement.
5. Define and implement security controls for AI‑enabled products and applications, ensuring protection of data, models, APIs, and runtime environments.
6. Establish and enforce secure software development practices when AI tools are used (e.g., code generation, code review, testing, documentation).
7. Identifies and interprets legal, contractual, and customer security requirements, ensuring application development processes remain compliant and future‑ready.
8. Drives SDLC adoption and maturity, guiding development locations in establishing robust, repeatable, and secure engineering processes.
9. Serves as the primary security advisor to application development teams, providing expert guidance on architecture, risk mitigation, and secure engineering methods.
10. Builds and sustains strong partnerships with divisional leadership, managing directors, process owners, and development leads to advanced global application security objectives.
11. Defines and oversees key security KPIs, ensuring meaningful reporting and transparency across the organization and enabling data‑driven decision making.
12. Implements a risk‑based approach for assessing application security, encompassing code analysis, testing, threat modeling, and continuous risk monitoring.
13. Collaborates with global asset owners to ensure security controls, measures, and vulnerabilities are effectively implemented, managed, and reported across all relevant software assets.
14. Supports security incident analysis and forensics for application‑related breaches, contributing to organizational learning and resilience.
15. Continuously monitors industry trends and DevSecOps best practices, ensuring that security requirements, processes, and tooling evolve in line with modern standards
Your Profile / Qualifications
16. Bachler or master’s degree in Information Technology/ Computer Science / Cybersecurity, or a related technical discipline
17. DevSecOps Certifications advantageous
18. Security certifications such as CISSP, CCSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH) are a plus.
19. 3 years combined experience in Software Engineering, DevOps, and/or Information Security.
20. 3+ years of experience with software development
21. Very well knowledge of (cyber) security technologies and methods (threat landscapes, models, standards)
22. Knowledge and experience with typical DevOps and DevSecOps tooling (CI/CD tools, github, k8s, docker, linux, etc)
23. Experience with application security tooling such as SAST, DAST, SBOM Tools, SCA, container and IaC scanning
24. Understanding of source code risks when generated or assisted by AI, including license compliance and hidden vulnerabilities
25. Know-how in management systems, audits, dealing with audit-findings
26. Knowledge of secure usage patterns for generative AI tools in software engineering
27. Knowledge of compliance standards like CIS, NIST and DISA
28. Knowledge security standards such as ISO, PCI, HIPAA and SOX advantageous
29. Experience in system and network design
30. Experience in O365 and Azure Security
31. Experience in multivendor Management and dealing with multiple suppliers
32. Knowledge in any of GEA’s target industries advantageous
33. Strong interpersonal skills in communication and collaboration
34. Negotiation skills at different levels (customers, suppliers)
35. Strong communication skills, in English, local language is a plus
36. Strong analytical ability, business acumen, problem solving skills
37. Ability to work successfully as part of a team