- 5+ years experience in secure software development and architecture;
- 5+ years of operational experience as a Security Engineer for a public cloud SaaS application;
- 5+ years of experience in application-level vulnerability testing (e.g. Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, Insecure Cryptographic Storage, etc.);
- Experience with common vulnerability scanning and reporting tools (e.g. SonarQube, WhiteSource, Black Duck);
- Knowledge of a broad range of attack vectors and exploits (API, OS, database, network and Front End);
- Proven experience building security into a SaaS delivery pipeline;
- Knowledge of cloud computing services/deployment architecture, cloud operations (Azure a plus), security, automation and orchestration;
- Experience with code-level security auditing and automated static code analysis tools from a secure software development standpoint;
- Knowledge of the various cybersecurity frameworks and related industry-leading practices such as NIST, FFIEC, and OWASP;
- Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies;
- Software development experience with two or more languages;
- Bachelor’s or Master’s degree in Computer Science or equivalent discipline;
- Fluent English.
- Knowledge of OAuth 2.0 / OpenID Connect;
- Experience with vulnerability analysis and software compliance standards (e.g. FedRAMP, SOC2, FIPS, DISA STIG, BSIMM);
- Security-based credential (GIAC, CISSP, CSSLP, SSCP, CCSP and CAP);
- Experience operating and configuring Linux systems;
- Ability to debug the full application stack;
- Formal background in cryptographic protocols and best practices, including knowledge of symmetric and asymmetric protocols, hashing, key exchange, and certificate management;
- Containerization technologies experience (Docker, Kubernetes).
- Serve as a technical lead and subject matter expert for our cloud-based infrastructure, network and application security;
- Constantly re-evaluate threat models for our application and infrastructure as we rapidly scale our offering, identifying security issues and prioritizing fixes with key stakeholders;
- Develop technical solutions to help mitigate security vulnerabilities, and evaluate, implement, and support security-focused tools and services;
- Drive security requirements through designing and building prototypes and / or proofs of concept;
- Promote reviewing code to enforce security, which includes reviewing pull requests and providing guidance to engineering teams and peers;
- Participate in building scalable detection systems and security focused telemetry tools;
- Work directly with engineering teams to establish and enforce security best practices, protection objectives, process improvements and effective security controls for new and existing products;
- Maintain strong knowledge of common security vulnerabilities, attack vectors, and remediation techniques;
- Participate in enhancing a security strategy focusing on cloud-based infrastructure, networks and applications, supporting security certifications and audits (SOC2 etc.);
- Build, maintain and enhance a central security policy for our cloud infrastructure, and continuously scan for and respond to policy violations;
- Collaborate closely with the architect community in all SimCorp development divisions.
We are looking for a security tech lead who will ensure and govern the security of our new CLOUD PRODUCTS as part of the One System enterprise solution.
SimCorp develops, sells and delivers integrated software solutions to the financial sector. Our product, SimCorp Dimension, is one of the leading investment management systems in the world and is used by global financial institutions and fund managers.
SimCorp cares about the balance of working hours, ensuring that our employees have quality time with their families and their hobbies. Thus, we offer: flexible working time, 28 days of paid vacation, premium medical insurance and payment for sports activities.