The Application Security Expert (DevSecOps) defines the global security requirements for the development, operation and maintenance of applications, whether built to be part of a GEA standard product, specific to an individual customer project, or offering a service to our customer. The Application Security Expert (DevSecOps) is part of the Product and Operational Technology Security Team within the CISO organization and is the first contact for Application Development Teams on all secure-development-related topics.
Responsibilities / Tasks
The Application Security Expert (DevSecOps) is responsible for defining global security requirements for the development, operation and maintenance of all GEA applications, including those embedded in standard products, tailored for customer projects, or delivered as digital services. As part of the Product & Operational Technology Security Team within the CISO organization, this role acts as the primary advisor to application development teams worldwide. The expert drives the adoption of secure-by-design practices, ensures alignment with enterprise security objectives, and strengthens GEA's overall application security posture through proactive guidance and cross-functional collaboration.
Defines and governs global security requirements, procedures and processes for application software development, ensuring consistent alignment with enterprise product security standards.
Leads the global implementation of security tools and platforms across the secure development lifecycle (SDLC), enabling scalable and automated security integration in development workflows.
Evaluates and ensures adherence to security requirements across all software development teams, divisions, global locations and external development partners.
Conducts strategic security reviews and audits, providing oversight and visibility into the effectiveness of secure development practices and driving continuous improvement.
Defines and implements security controls for AI-enabled products and applications, ensuring protection of data, models, APIs and runtime environments.
Establishes and enforces secure software development practices when AI tools are used (e.g. code generation, code review, testing, documentation).
Identifies and interprets legal, contractual and customer security requirements, ensuring application development processes remain compliant and future-ready.
Drives SDLC adoption and maturity, guiding development locations in establishing robust, repeatable and secure engineering processes.
Serves as the primary security advisor to application development teams, providing expert guidance on architecture, risk mitigation and secure engineering methods.
Builds and sustains strong partnerships with divisional leadership, managing directors, process owners and development leads to advance global application security objectives.
Defines and oversees key security KPIs, ensuring meaningful reporting and transparency across the organization and enabling data-driven decision making.
Implements a risk-based approach for assessing application security, encompassing code analysis, testing, threat modeling and continuous risk monitoring.
Collaborates with global asset owners to ensure security controls, measures and vulnerabilities are effectively implemented, managed and reported across all relevant software assets.
Supports security incident analysis and forensics for application-related breaches, contributing to organizational learning and resilience.
Continuously monitors industry trends and DevSecOps best practices, ensuring that security requirements, processes and tooling evolve in line with modern standards.
Your Profile / Qualifications
Bachelor's or master's degree in Information Technology / Computer Science / Cybersecurity or a related technical discipline
DevSecOps Certifications advantageous
Security certifications such as CISSP, CCSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH) are a plus.
3 years combined experience in Software Engineering, DevOps and/or Information Security.
3 years of experience with software development
Very good knowledge of (cyber) security technologies and methods (threat landscapes, models, standards)
Knowledge and experience with typical DevOps and DevSecOps tooling (CI/CD tools, GitHub, k8s, Docker, Linux, etc.)
Experience with application security tooling such as SAST, DAST, SBOM tools, SCA, container and IaC scanning
Understanding of source code risks when generated or assisted by AI, including license compliance and hidden vulnerabilities
Know-how in management systems, audits, dealing with audit findings
Knowledge of secure usage patterns for generative AI tools in software engineering
Knowledge of compliance standards like CIS, NIST and DISA
Knowledge of security standards such as ISO, PCI, HIPAA and SOX advantageous
Experience in system and network design
Experience in O365 and Azure Security
Experience in multi-vendor management and dealing with multiple suppliers
Knowledge in any of GEA's target industries advantageous
Strong interpersonal skills in communication and collaboration
Negotiation skills at different levels (customers, suppliers)
Strong communication skills in English; local language is a plus
Strong analytical ability, business acumen, problem-solving skills
Ability to work successfully as part of a team
Did we spark your interest? Then please click apply above to access our guided application process.
GEA makes an important contribution to a sustainable future with its solutions and services, particularly in the food, beverage and pharmaceutical sectors.