Senior Software Security Engineer About the Role We are seeking a Software Security Engineer to play a strategic and cross-functional leadership role in strengthening our Secure Software Development Lifecycle (SSDLC) across our entire product ecosystem — from classic 3-tier architectures to modern microservices-based payment platforms deployed on Amazon Web Services.
You will act as a trusted advisor and technical authority embedding security by design driving DevSecOps maturity and ensuring our software development practices consistently meet the highest standards of security compliance and operational excellence. Your Mission As a Software Security Engineer you will: - Define and continuously evolve the company-wide SSDLC security framework policies and governance.
- Influence architecture and design decisions across product teams to ensure security is a core design principle.
- Lead initiatives for security tooling automation and vulnerability management.
- Enable and mentor engineering teams to adopt secure coding perform code reviews apply threat modeling and embrace risk-driven design.
- Ensure alignment with the NIST Secure Software Development Framework (SSDF) and with PCI Secure Software Standard / PCI Secure SLC certification requirements.
Key Responsibilities Secure SDLC Governance & Strategy - Establish and enforce a global SSDLC framework and secure development policies.
- Conduct risk assessments threat modeling and architecture security reviews.
- Drive secure design and implementation practices with developers. Ensure secure configuration baselines and hardening standards are defined and applied.
- Ensure vulnerabilities are detected and mitigated via manual reviews and automated tools (SAST DAST SCA etc.)
- Guide the remediation of security incidents and root cause analysis
- Provide support for application-level security issues and audit follow-ups
- Run and/or supervise Pentests
DevSecOps & Security Automation - Define the roadmap and architecture for AppSec tooling (Checkmarx SAST DAST SCA container scanning secrets detection…).
- Oversee the integration of security controls and gates into CI/CD pipelines.
- Standardize security guardrails for APIs Kubernetes containers Microservices and cloud-native environments (AWS..)
- Establish metrics and dashboards to measure DevSecOps maturity.
Vulnerability & Compliance Management - Oversee vulnerability lifecycle management and coordinate enterprise-wide remediation plans.
- Lead and support external audits and certification cycles (PCI Secure Software Standard PCI Secure SLC).
- Provide security KPIs and risk reports to senior stakeholders and governance committees.
Training Advocacy & Culture - Promote secure coding best practices and continuous learning
- Design and deliver training programs on secure architecture code review threat Modeling and DevSecOps.
- Mentor security champions and influence technical leaders across the organization.
Required Profile Education - Master’s degree in Computer Science Software Engineering or Cybersecurity.
Experience - 5 to 8 years of experience in Application Security DevSecOps or SDLC Security.
- Proven track record leading application security initiatives in complex or regulated environments.
- Experience securing hybrid architectures (legacy microservices on Amazon Web Services).
- Strong stakeholder management and cross-team leadership skills.
Technical Skills - In-depth knowledge of secure coding and architecture practices based on the NIST Secure Software Development Framework (SSDF) OWASP Top 10 OWASP ASVS STRIDE…
- Hands-on expertise with AppSec tools (SAST SCA DAST container scanning) and their integration in CI/CD.
- Proficiency in securing infrastructure and workloads on Amazon Web Services (IAM KMS VPCs security groups observability stacks etc.).
- Familiarity with Kubernetes security concepts (RBAC network policies secrets management).
Development experience in Java Spring and Angular is a plus. REQUIRED SKILLS Skill Levels 1 – Beginner 2 – Intermediate 3 – Proficient 4 – Expert TECHNICAL SKILLS Technical Area | Level | Java Spring | 4 | DevSecOps | 4 | Software Development Framework (SSDF) Any one (OWASP Top 10/ OWASP ASVS/ STRIDE) | 4 | NIST Secure | 3 | AppSec tools any one (SAST/ SCA/ DAST/ container scanning) | 4 | CI/CD | 3 | Amazon Web Services | 2 | Kubernetes security | 2 |
Knowledge & Expertise Knowledge Area | Level | Cards & Payments (Good to have not mandatory) | 2 | ISTQB certification (Mandatory) | 4 |
PROFILE REQUIREMENTS - Education: Master’s degree (Engineering Computer Science Information Systems or equivalent)
|
Senior Software Security Engineer About the RoleWe are seeking a Software Security Engineer to play a strategic and cross-functional leadership role in strengthening our Secure Software Development Lifecycle (SSDLC) across our entire product ecosystem — from classic 3-tier architectures to modern mi...
Senior Software Security Engineer About the Role We are seeking a Software Security Engineer to play a strategic and cross-functional leadership role in strengthening our Secure Software Development Lifecycle (SSDLC) across our entire product ecosystem — from classic 3-tier architectures to modern microservices-based payment platforms deployed on Amazon Web Services.
You will act as a trusted advisor and technical authority embedding security by design driving DevSecOps maturity and ensuring our software development practices consistently meet the highest standards of security compliance and operational excellence. Your Mission As a Software Security Engineer you will: - Define and continuously evolve the company-wide SSDLC security framework policies and governance.
- Influence architecture and design decisions across product teams to ensure security is a core design principle.
- Lead initiatives for security tooling automation and vulnerability management.
- Enable and mentor engineering teams to adopt secure coding perform code reviews apply threat modeling and embrace risk-driven design.
- Ensure alignment with the NIST Secure Software Development Framework (SSDF) and with PCI Secure Software Standard / PCI Secure SLC certification requirements.
Key Responsibilities Secure SDLC Governance & Strategy - Establish and enforce a global SSDLC framework and secure development policies.
- Conduct risk assessments threat modeling and architecture security reviews.
- Drive secure design and implementation practices with developers. Ensure secure configuration baselines and hardening standards are defined and applied.
- Ensure vulnerabilities are detected and mitigated via manual reviews and automated tools (SAST DAST SCA etc.)
- Guide the remediation of security incidents and root cause analysis
- Provide support for application-level security issues and audit follow-ups
- Run and/or supervise Pentests
DevSecOps & Security Automation - Define the roadmap and architecture for AppSec tooling (Checkmarx SAST DAST SCA container scanning secrets detection…).
- Oversee the integration of security controls and gates into CI/CD pipelines.
- Standardize security guardrails for APIs Kubernetes containers Microservices and cloud-native environments (AWS..)
- Establish metrics and dashboards to measure DevSecOps maturity.
Vulnerability & Compliance Management - Oversee vulnerability lifecycle management and coordinate enterprise-wide remediation plans.
- Lead and support external audits and certification cycles (PCI Secure Software Standard PCI Secure SLC).
- Provide security KPIs and risk reports to senior stakeholders and governance committees.
Training Advocacy & Culture - Promote secure coding best practices and continuous learning
- Design and deliver training programs on secure architecture code review threat Modeling and DevSecOps.
- Mentor security champions and influence technical leaders across the organization.
Required Profile Education - Master’s degree in Computer Science Software Engineering or Cybersecurity.
Experience - 5 to 8 years of experience in Application Security DevSecOps or SDLC Security.
- Proven track record leading application security initiatives in complex or regulated environments.
- Experience securing hybrid architectures (legacy microservices on Amazon Web Services).
- Strong stakeholder management and cross-team leadership skills.
Technical Skills - In-depth knowledge of secure coding and architecture practices based on the NIST Secure Software Development Framework (SSDF) OWASP Top 10 OWASP ASVS STRIDE…
- Hands-on expertise with AppSec tools (SAST SCA DAST container scanning) and their integration in CI/CD.
- Proficiency in securing infrastructure and workloads on Amazon Web Services (IAM KMS VPCs security groups observability stacks etc.).
- Familiarity with Kubernetes security concepts (RBAC network policies secrets management).
Development experience in Java Spring and Angular is a plus. REQUIRED SKILLS Skill Levels 1 – Beginner 2 – Intermediate 3 – Proficient 4 – Expert TECHNICAL SKILLS Technical Area | Level | Java Spring | 4 | DevSecOps | 4 | Software Development Framework (SSDF) Any one (OWASP Top 10/ OWASP ASVS/ STRIDE) | 4 | NIST Secure | 3 | AppSec tools any one (SAST/ SCA/ DAST/ container scanning) | 4 | CI/CD | 3 | Amazon Web Services | 2 | Kubernetes security | 2 |
Knowledge & Expertise Knowledge Area | Level | Cards & Payments (Good to have not mandatory) | 2 | ISTQB certification (Mandatory) | 4 |
PROFILE REQUIREMENTS - Education: Master’s degree (Engineering Computer Science Information Systems or equivalent)
|
View more
View less
Job Location:
Monthly Salary:
Posted on:
20 hours ago
Vacancies:
1 Vacancy
