Senior Application Security Engineer (80 - 100%)
Role details
Job location
Tech stack
Job description
Join CISTEC as a Senior Application Security Engineer to shape healthcare.
Tasks
- Lead our Security Champions and promote knowledge sharing.
- Establish 'Shift-Left-Security' in the software development lifecycle.
- Act as the main contact for application security aspects., * Professional leadership of our Security Champions, promotion of knowledge exchange, and co-responsibility for building our Security Champion guild considering our internal security policies, best practices, and secure coding guidelines.
- Establishment of "Shift-Left-Security" and early anchoring of security principles throughout the software development lifecycle.
- Central contact person for all aspects of application security and advising our agile development teams on implementing secure software.
- Participation in the implementation and validation of security measures in the codebases of our modern web apps (mobile, widescreen, desktop) within the extensive ecosystem of our clinical information system KISIM.
- Leading threat modelings as well as supporting secure code reviews and analysis of external penetration tests.
- Evaluation, implementation, and optimization of our security tools (SAST, DAST, SCA) with integration into our CI/CD pipelines.
In this role, you work closely with the CISO, product owners, software architects, DevOps engineers, and developers to effectively implement security requirements.
Requirements
- Several years of experience with web technologies and IT security.
- Ability to explain complex technical issues clearly.
- Fluent in German; English and French are a plus., * Several years of practical experience as a software engineer with web technologies (React, TypeScript, Node.js, GraphQL, GitLab CI, Argo CD, Kubernetes, and Postgres or comparable).
- Completed studies in computer science, business informatics, or similar.
- Solid experience in implementing IT security measures in software projects as well as confident handling of common security standards, attack scenarios, and tools (OWASP Top 10, SAST, DAST, SCA).
- Knowledge of SaMD and ISO-81001-5-1 is an advantage.
- Enjoy sharing your knowledge, coaching others, and independently driving initiatives forward. Initial experience in mentoring or leading a community of practice is a big plus.
- Ability to explain complex technical issues clearly and convincingly at all levels.
- Fluent German skills in spoken and written form; English and French are advantageous.
Benefits & conditions
Meaningful work with impact: You work on exciting projects at the interface of AI and healthcare - in an interdisciplinary team that creates real added value.
Innovative environment: Together we develop pioneering solutions that sustainably improve clinical everyday life - with noticeable impact for health professionals.
Flexible working: Part-time work, flexible working hours, and home office are a matter of course. After the probation period, you can work remotely up to four days a week.
Learning and innovation culture: We actively promote your further education and support you in attending professional conferences and trade fairs. Flat hierarchies and an open, agile team environment create space for personal and professional development.
Attractive benefits: Enjoy 5 weeks of vacation per year. Unpaid leave is possible by arrangement.
Shared experiences: We celebrate successes together - at lunch barbecues, on snow days, or at our team and company events.
