Secure Software Development Specialist (f/m/x) Chief Security Office (CSO) [Job Profil: Information Security Specialist]

Job Description:

About the job

Deutsche Bank Technology in Berlin

DB Technology is a global team of tech specialists, spread across multiple trading hubs and tech centres. We have a strong focus on promoting technical excellence – our engineers work at the forefront of financial services innovation using cutting-edge technologies.

Our Berlin location is our most recent addition to our global network of tech centres and growing strongly. We are committed to building a diverse workforce and to creating excellent opportunities for talented engineers and technologists. Our tech teams and business units use agile ways of working to create #GlobalHausbank solutions from our home market.
 

Chief Security Office (CSO)

TDI’s Chief Security Office is responsible for the creation, maintenance, and implementation of the information security strategy of Deutsche Bank Group. CSO steers the measures derived from the information security strategy and provides guidance to employees regarding the identification, development, implementation, and execution of all processes which serve to reduce information security risk, to respond to incidents, and to establish appropriate policies and standards for information security management.

You’ll be joining the Secure Software Development Team. The team’s purpose is to drive the efficient integration of security services into DBs Software Development Processes and CI/CD Platforms, and that security is embedded as early as possible. Secure Coding Standards, best practices and guidance for application development teams are some of our core deliverables we provide to support security in software development. 

As a Secure Software Development Specialist you will be supporting the “Shift-Left-Approach" to shift security responsibilities to those creating software and shift it towards the beginning of the process. The responsibility is to define our secure coding standards and continuously enhance our secure coding guidance, blueprints, and best practices on different levels so that this is easy to consume for our developers, but also satisfies external and regulatory requests.

-> You love this job but feel you cannot tick 100% of the boxes? Send us your CV anyway!

Your key responsibilities

• Work with business divisions to identify and train Security Champions from the application teams and work with them on several security topics that will be incorporated into their software projects.

• Collaborate with application teams to help them identify the threats by moderating the threat identification game and ensure early security threats identification.

• Create/Update security guidelines for engineers, by continuously enhancing the supplementary guidance documents and confluence pages to address secure code snippets as good practices, checklists etc.

• Educate engineers on security best practices and supporting our development communities with patterns on how to embed security in the software development. Organize live sessions, trainings, write security articles etc

• You prepare and perform training sessions for engineers.

Your skills and experiences

• Security knowledge about security standards (ISO 27001), OWASP Top 10 (e.g. Encryption, Security Certificates, Authorization & Authentication, Configuration etc), Threat Modelling (Stride, Mitre Att&ck)

• Good understanding of Software Development Lifecycle (SDLC) processes and tools used by developers.

• You have a strong security culture and like spreading security solutions across teams. You like teamwork and engagement with development teams, like to collaborate with anyone around and help people.

• Nice to have: knowledge in software development and coding (e.g. Java or any other programming language)

What we offer

We provide you with a comprehensive portfolio of benefits and offerings to support both, your private and professional needs.

• Emotionally and mentally balanced
  A positive mind helps us master the challenges of everyday life – both professionally and privately. We offer consultation in difficult life situations as well as mental health awareness trainings.

• Physically thriving
  We support you in staying physically fit through an offering to maintain personal health and a professional environment. You can benefit from health check-ups; vaccination drives as well as advice on healthy living and nutrition.

• Socially connected
  Networking opens up new perspectives, helps us thrive professionally and personally as well as strengthens our self-confidence and well-being. You can benefit from PME family service, FitnessCenter Job, flexible working (e.g parttime, hybrid working, job tandem) as well as an extensive culture of diversity, equity and inclusion.

• Financially secure
  We provide you with financial security not only during your active career but also for the future. You can benefit from offerings such as pension plans, banking services, company bicycle or “Deutschlandticket”.

Since our offerings slightly vary across locations, please contact your recruiter with specific questions.

This job is available in full and parttime.

In case of any recruitment related questions, please get in touch with Sofya Veselkova.

Contact Sofya Veselkova: +49 3066769987

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.