Application Security Expert (DevSecOps)

GEA

Job Location:

Düsseldorf - Germany

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

The Application Security Expert (DevSecOps) defines the global security requirements for the development, operation and maintenance of applications, whether built to be part of a GEA standard product, specific to an individual customer project, or offering a service to our customers. The Application Security Expert (DevSecOps) is part of the Product and Operational Technology Security Team within the CISO organization and is the first contact for Application Development Teams on all secure-development-related topics.

Responsibilities / Tasks

The Application Security Expert (DevSecOps) is responsible for defining global security requirements for the development, operation and maintenance of all GEA applications, including those embedded in standard products, tailored for customer projects, or delivered as digital services. As part of the Product & Operational Technology Security Team within the CISO organization, this role acts as the primary advisor to application development teams worldwide. The expert drives the adoption of secure-by-design practices, ensures alignment with enterprise security objectives, and strengthens GEA's overall application security posture through proactive guidance and cross-functional collaboration.

  • Defines and governs global security requirements, procedures and processes for application software development, ensuring consistent alignment with enterprise product security standards.
  • Leads the global implementation of security tools and platforms across the secure development lifecycle (SDLC), enabling scalable and automated security integration in development workflows.
  • Evaluates and ensures adherence to security requirements across all software development teams, divisions, global locations and external development partners.
  • Conducts strategic security reviews and audits, providing oversight and visibility into the effectiveness of secure development practices and driving continuous improvement.
  • Defines and implements security controls for AI-enabled products and applications, ensuring protection of data, models, APIs and runtime environments.
  • Establishes and enforces secure software development practices when AI tools are used (e.g. code generation, code review, testing, documentation).
  • Identifies and interprets legal, contractual and customer security requirements, ensuring application development processes remain compliant and future-ready.
  • Drives SDLC adoption and maturity, guiding development locations in establishing robust, repeatable and secure engineering processes.
  • Serves as the primary security advisor to application development teams, providing expert guidance on architecture, risk mitigation and secure engineering methods.
  • Builds and sustains strong partnerships with divisional leadership, managing directors, process owners and development leads to advance global application security objectives.
  • Defines and oversees key security KPIs, ensuring meaningful reporting and transparency across the organization and enabling data-driven decision making.
  • Implements a risk-based approach for assessing application security, encompassing code analysis, testing, threat modeling and continuous risk monitoring.
  • Collaborates with global asset owners to ensure security controls, measures and vulnerabilities are effectively implemented, managed and reported across all relevant software assets.
  • Supports security incident analysis and forensics for application-related breaches, contributing to organizational learning and resilience.
  • Continuously monitors industry trends and DevSecOps best practices, ensuring that security requirements, processes and tooling evolve in line with modern standards.

Your Profile / Qualifications

  • Bachelor's or master's degree in Information Technology / Computer Science / Cybersecurity or a related technical discipline
  • DevSecOps Certifications advantageous
  • Security certifications such as CISSP, CCSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH) are a plus.
  • 3 years combined experience in Software Engineering, DevOps and/or Information Security.
  • 3 years of experience with software development
  • Very good knowledge of (cyber) security technologies and methods (threat landscapes, models, standards)
  • Knowledge and experience with typical DevOps and DevSecOps tooling (CI/CD tools, GitHub, k8s, Docker, Linux etc.)
  • Experience with application security tooling such as SAST, DAST, SBOM tools, SCA, container and IaC scanning
  • Understanding of source code risks when generated or assisted by AI, including license compliance and hidden vulnerabilities
  • Know-how in management systems audits and dealing with audit findings
  • Knowledge of secure usage patterns for generative AI tools in software engineering
  • Knowledge of compliance standards like CIS, NIST and DISA
  • Knowledge of security standards such as ISO, PCI, HIPAA and SOX advantageous
  • Experience in system and network design
  • Experience in O365 and Azure Security
  • Experience in multi-vendor management and dealing with multiple suppliers
  • Knowledge in any of GEA's target industries advantageous
  • Strong interpersonal skills in communication and collaboration
  • Negotiation skills at different levels (customers, suppliers)
  • Strong communication skills in English; local language is a plus
  • Strong analytical ability, business acumen, problem-solving skills
  • Ability to work successfully as part of a team

Did we spark your interest?
Then please click apply above to access our guided application process.

About Company

GEA makes an important contribution to a sustainable future with its solutions and services, particularly in the food, beverage and pharmaceutical sectors.