Hexagon is a leading provider of digital reality solutions and employs more than 24,000 people in 50 countries. You will be part of a strong, experienced, inspiring and motivated team of experts driving the future of Hexagon. You will use and develop your skills in our highly innovative and diverse environment.

Flexible working models allow you to ideally combine work and private interests.

• Being responsible for the security of our software development lifecycle, ensuring that all products (from cloud applications to embedded software) meet necessary security standards and regulations
• Being a member of an R&D security and compliance group, conducting and coordinating activities according to regulations like Cyber Resilience Act or company internal compliance processes
• Conducting risk assessments together with development teams (e.g. based on Threat Modelling, Pen Testing) and define the needed security user stories for further product development
• Supporting the definition of affected processes and best practices within the security environment (SDLC). Continuous improvement of overall organizational processes affected by governance and compliance needs
• Consulting stakeholders (e.g. R&D teams, supply chain, sales) in all areas of security relevant topics from supporting tools to architecture
• Working with compliance team to ensure relevant compliance standards like ISO 27001and NIS2. Supporting internal and external compliance audits
• Supporting sourcing, assessment and audits of external software partners or software component/tool suppliers with focus on contracts, liability, and security

• You hold a university degree in Software Engineering or a related discipline, and preferably an advanced certification like CISSP or CISM
• At least 5 years of experience in software security, application security, or a similar role
• Expertise in aspects of security and compliance topics, including SDLC and the most common security tools (e.g., static/dynamic code analysis tools, firewalls).
• Excellent planning, coordination and stakeholder management skills to get security aspects done in the organisation
• Familiarity in programming languages like Python, C++ or C#
• Analytical skills for identifying and mitigating risks
• Effective communication and moderation skills in English being able to share complex security aspects to a variety of different stakeholders. German is a plus 

• Flexible annual working hours based on a 40-hour week, with 100% employment
• Vacation entitlement: 25 days from the age of 20, 27 days from the age of 40 and 30 days from the age of 50
• Hybrid working model
• Bonus system and extra-mandatory pension fund contributions
• Individual training opportunities (internal and external)
• Various discounts (Health, Car, Entertainment and much more)
• Employee events
• Flat hierarchy structure
• Warm and international corporate culture based on respect and cooperation

Here you can find more information about us as an employer.