This appeals to you
1. Being responsible for the security of our software development lifecycle, ensuring that all products (from cloud applications to embedded software) meet necessary security standards and regulations
2. Driving the implementation of the Security Development Lifecycle (SDLC), which includes:
3. establishing, facilitating and tracking Threat Modelling activities and sessions in major (key) projects and training others to moderate threat modelling sessions for smaller projects
4. Informal training and information sessions for (key) software engineers to increase awareness and competency in software security
5. Identifying needs for, organizing and conducting, with the help of (external) experts, a penetration-testing (pen test, ethical hacking) strategy for products/systems that are already released or under development
6. Evaluating and defining the tool landscape that supports the software compliance assessment process, which includes SBOMs (software bills of materials), lists of software licenses, lists of potentially vulnerable software components (CVEs), etc.
7. Reviewing and improving security of critical system functions in Operations (Production/Customizing/Service) and supporting Product Management regarding compliance and security relevant aspects when dealing with external partners (sales, customers)
8. Acting as the first point of contact for questions from the R&D department; providing guidelines, best practices, training and documentation for the development team; acting as a moderator, coach and mentor for the R&D teams
9. Working with the compliance team to ensure adherence to relevant security standards such as ISO 27001, NIST and OWASP; supporting internal and external security audits
10. Supporting assessment and audits of external software partners or software component suppliers with focus on contracts, liability, and security
This is you
1. You hold a university degree in Software Engineering or a related discipline and preferably an advanced certification such as CISSP or CISM
2. At least 5 years of experience in software security, application security, or a similar role
3. Strong understanding of cybersecurity principles
4. Expertise in the secure software development lifecycle (SDLC)
5. Familiarity with programming languages such as C++, Python or C#
6. Knowledge of security tools (e.g., static/dynamic code analysis tools, firewalls)
7. Analytical skills for identifying and mitigating risks
8. Effective communication and moderation skills in English, being able to explain complex security aspects to a variety of different stakeholders
We offer you
1. Flexible annual working hours based on a 40-hour week, with 100% employment
2. Vacation entitlement: 25 days from the age of 20, 27 days from the age of 40 and 30 days from the age of 50
3. Hybrid working model
4. Bonus system and extra-mandatory pension fund contributions
5. Individual training opportunities (internal and external)
6. Relocation service
7. Various discounts (health, car, entertainment and much more)
8. Employee events
9. Flat hierarchy structure
10. Warm and international corporate culture based on respect and cooperation
Here you can find more information about us as an employer.
About Us
Hexagon is a leading provider of digital reality solutions and employs more than 24,000 people in 50 countries. You will be part of a strong, experienced, inspiring and motivated team of experts driving the future of Hexagon. You will use and develop your skills in our highly innovative and diverse environment.
Flexible working models allow you to ideally combine work and private interests.
Contact
If you have any questions, please do not hesitate to contact Aga Gdowska, Talent Acquisition Specialist.