Senior Software Security Architect CT

Giesecke+Devrient GmbH
München, Germany
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English, French, German
Experience level
Senior

Job location

München, Germany

Tech stack

Code Review
Computer Security
Open Web Application Security
Software Architecture
Systems Development Life Cycle
SharePoint
Systems Integration
Software Vulnerability Management
Software Security
Information Technology

Job description

  • Ensure that internal and external software components follow "Security by Design" principles - from architecture to go-live in customer projects.
  • Derive and manage security requirements from contracts, standards and customer expectations, and turn them into clear guidelines for projects and suppliers.
  • Perform threat and risk assessments for applications and integrations and define concrete, prioritized mitigation measures.
  • Review software, interface and integration designs from a security perspective and closely align with internal teams and customer IT.
  • Oversee SSDLC / secure SDLC practices for third-party developments and coach internal teams on secure development best practices.
  • Coordinate vulnerability management, patch strategy and exception handling for all integrated software components.
  • Plan, supervise and validate security testing and define security acceptance criteria for key project milestones.
  • Produce customer-facing security documentation and audit artefacts and drive security topics in workshops and supplier reviews.

Requirements

  • University degree in Computer Science, Information Security, Electrical Engineering or a comparable STEM field - or an equivalent qualification.

  • Several years of experience designing and assessing secure software architectures and integrations, ideally in critical infrastructure, manufacturing or a security/software tech environment.
  • Application security is your passion; you have hands-on experience with frameworks such as OWASP SAMM, NIST SSDF (SP 800-218) and IEC 62443-4-1.
  • Strong background in threat modeling, risk assessments and common vulnerability classes (e.g. OWASP Top 10, CWE) plus practical mitigation strategies.
  • Experience with secure SDLC/SSDLC processes, CI/CD pipelines and typical security gates (code reviews, security testing, release approvals).
  • Ability to analyze complex security topics, document them clearly and communicate them convincingly to developers, project managers, customers and suppliers.
  • Very good English skills (written and spoken); French is a strong plus, German is an advantage.
  • High willingness to travel (around 25 % internationally) and to work in interdisciplinary, globally distributed project teams.

About the company

Giesecke+Devrient is a global security technology company operating in both the physical and the digital world. Billions of people benefit from G+D in their private and business lives. With around 11,600 employees in 32 countries, we develop, produce and distribute products and solutions for securing payments, identities, connectivity and data.

It all began in 1852 in Leipzig with the printing of securities. Today our portfolio is as diverse as modern, mobile life. Anyone who pays with cash, card or smartphone is very likely using our technologies.

Behind all these facets lies a common goal: Creating Confidence. To achieve this even better in all areas, the group has been divided into four business units since 2017: G+D Currency Technology, G+D Mobile Security, Veridos (a joint venture with Bundesdruckerei), and the publicly listed secunet Security Networks AG.

