Senior Security Architect

My client in Hamburg is on the lookout for an experiened Security Architect to strengthen the security of their platforms and drive security by design forward.

Working within the CISO Department, your role will be pivotal in embedding security within our IT and development processes. You will assess and address potential security threats, foster security awareness, and work closely with the CISO team to implement robust security measures.

Key Responsibilities:

• Advocate for security by design within IT and development teams.
• Conduct comprehensive risk assessments, including design reviews, security requirements creation, gap analysis, security control validation, penetration testing support, vulnerability remediation guidance, risk articulation, and issuance of formal Risk Opinion reports.
• Lead the integration of DevSecOps within our DevOps teams.
• Act as the primary point of contact for security-related matters, serving as a liaison to the expertise within the CISO department.
• Formally evaluate information security risks related to business projects, assess potential impacts, and ensure follow-up on remediation efforts throughout the project lifecycle.
• Collaborate with IT teams (developers, architects, product owners, business stakeholders) to align platform security with the company's risk tolerance and threat landscape.
• Work with team members to identify and implement common security solutions.
• Support the CISO Risk & Compliance team and contribute to the creation, review, and updating of information security policies.
• Stay informed about the latest security systems, tools, trends, and technologies.

Requirements and Qualifications:

• A Master's or Bachelor's degree in Information Technology, Information Systems Security, Cybersecurity, or a related field, or equivalent technical training.
• At least 4 years of relevant experience in IT and Information Security, with a demonstrated ability to work independently with minimal supervision.
• Experience with security architectures, including cloud, mobile, enterprise, web, and application security.
• Proficiency with threat modeling frameworks such as MITRE ATT&CK, STRIDE, and PASTA.
• Knowledge of core security standards and frameworks: ISO 27001, ISO 27017, NIST, NTSC, OWASP, CIS, CVSS.
• Expertise in security testing to prevent issues like code execution, SQL injection, and cross-site scripting.
• Experience with security in cloud computing and microservices architecture.
• Familiarity with security-related legal and regulatory requirements.
• Specialized knowledge in web and mobile application security, data protection methods, and the ability to share this expertise with the team.
• A broad understanding of security concepts with deep expertise in 2 or 3 specific areas.
• Excellent communication skills, with the ability to translate technical information for non-technical stakeholders.

Please get in touch if you have furtehr details about the role and benefits.