Desired Skills and Experience

  • Perform security audits of ongoing projects, covering both architecture and implementation (code review)
  • Contribute to defining secure architecture and design for new projects and to correcting existing ones
  • Work as a security mentor helping to establish secure development activities in SDLC end-to-end
  • Perform security trainings for development teams
  • Communicate with customers and teams, be able to convey the message about the importance of security, the ways of establishing it and the wrong ways of enforcing it (e.g. do penetration testing before release)
  • Communicate with all teams (BAs, developers, QAs) to build a consistent understanding of security requirements, main threats and implemented mitigations
  • Be able to communicate and coordinate work with other members of the Security Team (e.g. Infrastructure Security Experts, Penetration Testers)
  • Work as a consultant answering particular questions related to security in development
  • Start-up feeling in a high-volume business and working in an exciting growth industry
  • National as well as international company and team events
  • Individual development opportunities, appealing remuneration and flexible working times
  • Computer Science Studies with at least 5 years of professional experience in the area of IT security including knowledge of at least one security development methodology (e.g. Microsoft SDL, OWASP SAMM etc.)
  • More than 5 years of development experience in Java
  • Knowledge of main security-related activities in development such as risk and privacy assessment, threat modeling, Security Code Review
  • Deep understanding of the nature of security threats and their classification (e.g. XSS, SQL Injection, CSRF, Session Fixation, XPath Injection, buffer overflows, brute force, DoS etc.)
  • Understanding of main security principles, such as multi-layered protection (Defense in Depth)
  • Technical expertise, skills in analysis, unit testing, debugging and problem resolution
  • Experience in managing a source code repository
  • Strong communication skills in German and English
  • Familiarity with existing security standards (e.g. OWASP, PCI DSS, NIST etc.)
  • Solid know-how in the tools for various security activities: Static Code Analysis, Penetration Testing etc.
  • Certifications in any IT security area 
