Application Security Lead (m/f/d)

As a leading international food wholesaler, we at METRO are specialized in catering to the needs of hotels, restaurants, caterers (HoReCa), independent merchants (Traders), and more. With approximately 15 million customers worldwide, our unique multichannel mix offers the flexibility of purchasing goods in-store or via our digitally connected Food Service Distribution (FSD) delivery. In addition, we are continuously expanding our international online marketplace, METRO MARKETS, to meet the needs of our professional customers. We furthermore take pride in our commitment to sustainability which is considered in all our actions and being listed in various sustainability indices and rankings for years is proof for our dedication (e. g. MSCI, CDP, Dow Jones Sustainability Index). With our business operations spanning 32 countries, over 90,000 employees worldwide and generating sales of around €30 billion in the fiscal year 2022/23, we are determined to continue our journey to growth. 

At METRO, we have set ourselves ambitious goals with our “sCore” growth strategy which is closely accompanied by our Fundamentals. These shared values provide us with rules of conduct that are binding for everyone at METRO, in all countries and companies. Our commitment to wholesale is at the forefront of our mission, and we are constantly striving to improve. With our ONE METRO spirit, everyone stands together, bringing curiosity, determination, courage, drive, commitment, and trust. Find out more about METRO at careers.metroag.de. 

The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitore their fulfillment. This role owns knowledge of common security threats, security controls and associated technologies and practices related to securing the relevant IaaS,PaaS and SaaS cloud platforms, cloud services, and associated IT resources based on cloud technologies.

• Contribue to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.
• Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.
• Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases
• Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses,
• Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third-party librairies vulnerabilities to determine METRO’s exposure to such vulnerabilities and risks.

• Relevant Master’s degree in Computer Science, Information Security, or a related field
• Minimum of 3 years of experience in cyber security, application security or software engineering
• Familiarity with common information security standards (e.g., OWASP, ISO 27001, NIST)
• Familiarity with threat modeling (using STRIDE for example) to identify potential threats and vulnerabilities in systems and applications.
• Proven experiences in implementing DevSecOps approach by integrating SCA, DAST and SAST analysis in CI/CD pipelines.
• Familiarity with vulnerability priortisation approaches
• Advanced skills in building detailed and actionable analysis reports to enable
• Proven project management abilities, ensuring projects are delivered on time and within budget
• Effective stakeholder management with strong communication and coordination skills in complex organizational environments
• Broad knowledge and overview of security architectures and security systems in IT and OT environments
• Fluent English skills

• Work-life balance: Flexible working hours with the option of mobile working in agreement with your line manager, 30 days of holidays.
• Training: A comprehensive training offer via our own training center or externally.
• Well-being: Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance program. 
• Exciting life on campus: Free gym and sports classes, Rioba coffee bar, canteen with discounted meals for employees, many campus events.
• Discounts: discounted Jobticket as well as discounts in our wholesale stores and at many partner companies.
• Comfort: Good transport connections, free parking spaces, JobBike. 
• Company pension plan: You will receive a contribution to your company pension. 
• Family driven: Three daycare centers for children on campus, support of holiday camps for children of employees.