Application Security Lead mfd

Join us in developing and strengthening an entire department and transforming cybersecurity capabilities on a global scale. If youre committed to making a real impact in the field of Cyber Security you can #ShapeTheM with us.  

Besides an interesting professional environment we offer you a culture that wants you to thrive and allows to learn from each other: 

• We try together we stumble together we get up together and shape our future. Be part of our transformation build crossfunctional capabilities and discover new ways of excelling in the Cyber Security field. 

• We create impact in the world of food and offer comfort for our customers worldwide. To achieve this we build capabilities to be the cyberresilient omnichannel wholesaler. 

• We invite you to take on responsibility make our company your company and create a business together that remains true to its roots but always seeks new solutions. 

• Together we CARRY the M we GROW the M we INSPIRE the M we SHAPE the M. 

The purpose of this role is to define the security requirements for the cloud platforms utilized at METRO based on the industry standards and regulations as well as monitore their fulfillment. This role owns knowledge of common security threats security controls and associated technologies and practices related to securing the relevant IaaSPaaS and SaaS cloud platforms cloud services and associated IT resources based on cloud technologies.

Your Tasks:

Contribue to develop relevant guidelines and standards related to application security cryptography management and any relevant areas for software development.

Contribute to ensure that each steps of software development lifecycle (SDLC) used by software engineers across METRO is following best practices in term of information security and data privacy.

Contribute to develop and maintain the needed technologies and processes to be included in continuous software development processes (CI/CD pipelines) to include tollgates to secure that security control validations are automatically performed during development and deployment phases

Support software engineer teams across METRO to address identified software vulnerabilities and weaknesses

Support cyberdefense and software engineer teams in case of identified risks or security alerts related software or thirdparty librairies vulnerabilities to determine METROs exposure to such vulnerabilities and risks.

Qualifications :

• Bachelors degree in Cybersecurity Information Technology or a related field (or equivalent experience).
• Minimum of 5 years of experience in Application security engineering or DevSecOps.
• Proven experience in defining and implementing Secure SDLC controls.
• Strong understanding of cloud security best practices and industry standards (e.g. GCP Security Best Practices ASVS OWASP CIS Controls).
• Indepth knowledge of SAST SCA DAST security concepts.
• Experience with CI/CD tools.
• Experience with cloud security tools and technologies (e.g. CloudTrail GuardDuty Security Hub).
• Excellent communication collaboration and problemsolving skills.
• Experience with bug bounty programs.
• Ability to work independently and as part of a team.

Additional Information :

• We offer to be part of a fastgrowing international team that has significant scaling ambitions across multiple markets.
• WorkLife Balance: Trusted working hours 30 days of vacation and home office options
• Further training: A comprehensive further training offer over an own training team as well as an own annual training budget.
• Wellbeing: Health programs a free fitness studio on our campus and regular employee events.
• Comfort: Very good public transport connections and free parking spaces including charging facilities for emobility. A canteens with a varied selection of meals and discounts in our stores and at many partner companies.

Remote Work :

No

Employment Type :

Fulltime