Name	Description	Retention Period
_mg	This cookie used for the user's authentication.	Session
savedjobs	This cookie stores the job offers selected as favourites by the visitor.	Session
allowedCookie	This cookie stores whether a decision has already been made to use cookies or not.	Session
allowedUserCookieCategories	This cookie stores the consent given by the visitor to the use of cookies and to the integration of third-party content (see below for selection) for current session.	Session
ASP.NET_SessionId	This cookie stores the visitors session state to ensure smooth communication between server and client.	Session
lang	This cookie stores the language chosen by the visitor for the duration of the session.	Session
sxa_site	This cookie stores the name of the site	Session
theme	This cookie stores the theme value	Session
__RequestVerificationToken	This cookie stores the visitors request verification token to ensure smooth communication between server and client.	Session

Name	Description	Retention Period
savedjobsfuture	This cookie stores the job offers selected as favourites selected by the visitor for future sessions, in case preference cookies were accepted.	30 days
consentfuture	This cookie stores the consent given by the visitor to the use of cookies and to the integration of third-party content (see below for selection) for future sessions.	390 days
langfuture	This cookie stores the language selected by the visitor for future sessions, in case preference cookies were accepted.	390 days
themefuture	This cookie stores the theme selected by the visitor for future sessions, in case preference cookies were accepted.	390 days

Name	Description	Retention Period
_ga	This cookie is used to distinguish users. We use the web analysis service Google Analytics of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. For details, please refer to the cookie policy of Google Analytics	2 Years
_ga_property-id	This cookie is used to persist session state. We use the web analysis service Google Analytics of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. For details, please refer to the cookie policy of Google Analytics	2 Years

Name	Description	Retention Period
Google Maps	The Google Maps content embedded on these pages use a number of cookies for display. For details, please refer to the privacy policy of Google.	For details, please refer to the privacy policy of the service provider mentioned in the description.
YouTube	The YouTube videos embedded on these pages use a number of cookies for display. For details, please refer to the privacy policy of Google.	For details, please refer to the privacy policy of the service provider mentioned in the description.
Flockler	We use Flockler to display content from Facebook, Instagram, TikTok, X, LinkedIn and YouTube. Flockler does not use cookies. For details, please refer to the privacy policy of flockler	Please refer to the privacy policy of flockler for further information.

Application Security Lead (m/f/d)

Professionals without leadership responsibility

Key Facts

Professionals without leadership responsibility
Professionals without leadership responsibility
IT
IT
Full time
Full time
Düsseldorf, NRW, Germany
Düsseldorf, NRW, Germany

Job Description

The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitore their fulfillment. This role owns knowledge of common security threats, security controls and associated technologies and practices related to securing the relevant IaaS,PaaS and SaaS cloud platforms, cloud services, and associated IT resources based on cloud technologies.

Contribue to develop relevant guidelines and standards related to application security, cryptography management and any relevant areas for software development.
Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.
Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases
Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses,
Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or third-party libraries vulnerabilities to determine METRO’s exposure to such vulnerabilities and risks.

Qualifications

Relevant Master’s degree in Computer Science, Information Security, or a related field
Minimum of 3 years of experience in cyber security, application security or software engineering
Familiarity with common information security standards (e.g., OWASP, ISO 27001, NIST)
Familiarity with threat modeling (using STRIDE for example) to identify potential threats and vulnerabilities in systems and applications.
Proven experiences in implementing DevSecOps approach by integrating SCA, DAST and SAST analysis in CI/CD pipelines.
Familiarity with vulnerability priortisation approaches
Advanced skills in building detailed and actionable analysis reports to enable
Proven project management abilities, ensuring projects are delivered on time and within budget
Effective stakeholder management with strong communication and coordination skills in complex organizational environments
Broad knowledge and overview of security architectures and security systems in IT and OT environments
Fluent English skills

Benefits

Work-life balance

Flexible working time models with the option of mobile working in consultation with your line manager, 30 days holiday.

Learning & development

A comprehensive range of training courses via our own training centre or external providers.

Well-being

Health days with lots of health checks and information about your well-being, company medical care including a range of preventive services, such as flu shots, OTHEB employee assistance programme.