JUMP TO CONTENT

Metro-Straße 1, Düsseldorf

  1. Full Time
  2. IT Security / Network Administration
  3. Düsseldorf

Application Security Lead (m/f/d)

Job description

Company Description

As a leading international food wholesaler, we at METRO are specialized in catering to the needs of hotels, restaurants, caterers (HoReCa), independent merchants (Traders), and more. With approximately 15 million customers worldwide, our unique multichannel mix offers the flexibility of purchasing goods in-store or via our digitally connected Food Service Distribution (FSD) delivery. In addition, we are continuously expanding our international online marketplace, METRO MARKETS, to meet the needs of our professional customers. We furthermore take pride in our commitment to sustainability which is considered in all our actions and being listed in various sustainability indices and rankings for years is proof for our dedication (e. g. MSCI, CDP, Dow Jones Sustainability Index). With our business operations spanning 32 countries, over 90,000 employees worldwide and generating sales of around €30 billion in the fiscal year 2022/23, we are determined to continue our journey to growth. 

At METRO, we have set ourselves ambitious goals with our “sCore” growth strategy which is closely accompanied by our Fundamentals. These shared values provide us with rules of conduct that are binding for everyone at METRO, in all countries and companies. Our commitment to wholesale is at the forefront of our mission, and we are constantly striving to improve. With our ONE METRO spirit, everyone stands together, bringing curiosity, determination, courage, drive, commitment, and trust. Find out more about METRO at careers.metroag.de.


Job Description

Join us, in developing and strengthening an entire department and transforming cybersecurity capabilities on a global scale. If you're committed to making a real impact in the field of Cyber Security, you can #ShapeTheM with us.  

Besides an interesting professional environment, we offer you a culture that wants you to thrive and allows to learn from each other: 

  • We try together, we stumble together, we get up together and shape our future. Be part of our transformation, build cross-functional capabilities and discover new ways of excelling in the Cyber Security field. 

  • We create impact in the world of food and offer comfort for our customers worldwide. To achieve this, we build capabilities to be the cyber-resilient omni-channel wholesaler. 

  • We invite you to take on responsibility, make our company your company and create a business together that remains true to its roots but always seeks new solutions. 

  • Together, we CARRY the M, we GROW the M, we INSPIRE the M, we SHAPE the M. 

The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitore their fulfillment. This role owns knowledge of common security threats, security controls and associated technologies and practices related to securing the relevant IaaS,PaaS and SaaS cloud platforms, cloud services, and associated IT resources based on cloud technologies.

Your Tasks:

· Contribue to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.

· Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.

· Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases

· Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses,

· Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third-party librairies vulnerabilities to determine METRO’s exposure to such vulnerabilities and risks.


Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
  • Minimum of 5 years of experience in Application security engineering or DevSecOps.
  • Proven experience in defining and implementing Secure -SDLC controls.
  • Strong understanding of cloud security best practices and industry standards (e.g., GCP Security Best Practices, ASVS , OWASP , CIS Controls).
  • In-depth knowledge of SAST, SCA, DAST security concepts.
  • Experience with CI/CD tools.
  • Experience with cloud security tools and technologies (e.g., CloudTrail, GuardDuty, Security Hub).
  • Excellent communication, collaboration, and problem-solving skills.
  • Experience with bug bounty programs.
  • Ability to work independently and as part of a team.

Additional Information

  • We offer to be part of a fast-growing international team that has significant scaling ambitions across multiple markets.
  • Work-Life Balance: Trusted working hours, 30 days of vacation and home office options
  • Further training: A comprehensive further training offer over an own training team as well as an own annual training budget.
  • Well-being: Health programs, a free fitness studio on our campus and regular employee events.
  • Comfort: Very good public transport connections and free parking spaces including charging facilities for e-mobility. A canteens with a varied selection of meals and discounts in our stores and at many partner companies.
List #1

Articles you might be interested in

#METROheroes celebrate #NEWGETHERNESS worldwide

Teaser

Life on Campus

Content Type

blogs

Publish date

06/06/2022

Summary

Today, 21 May 2021, colleagues across the METRO world virtually celebrated the first global #METROheroes Day. This special day was dedicated to METRO's corporate values, our Guiding Principles, and al

Teaser

Today, 21 May 2021, colleagues across the METRO world virtually celebrated the first global #METROheroes Day. This special day was dedicated to METRO's corporate values, our Guiding Principles, and all #METROheroes. METRO's new togetherness - #NEWGETHER for short - was the focus of #METROheroes Day.

Read more
PRIDE Index – METRO AG amongst Top 10

Teaser

Our Culture

Content Type

blogs

Publish date

06/06/2022

Summary

METRO is in the top 10 for the German PRIDE Index 2021 by the UHLALA Group, among the 150 companies that applied. This recognition is a testament to METRO's commitment to their lesbian, gay, bisexual,

Teaser

METRO is in the top 10 for the German PRIDE Index 2021 by the UHLALA Group, among the 150 companies that applied. This recognition is a testament to METRO's commitment to their lesbian, gay, bisexual, transgender, intersex, and queer (LGBTIQ+) employees. METRO is an inclusive company and is honored to receive this recognition.

Read more
View all

  1. Full Time
  2. IT Security / Network Administration
  3. without leadership responsibility
  4. Düsseldorf

Browse Jobs