This appeals to you

• Being responsible for the security of our software development lifecycle, ensuring that all products (from cloud applications to embedded software) meet necessary security standards and regulations
• Drive the implementation of Security Development Lifecycle (SDLC ), which includes:

1. establishing, facilitating and tracking Threat Modelling activities and sessions in major (key) projects and training others to moderate threat modelling sessions for smaller projects
2. Informal training and information sessions for (key) software engineers to increase awareness and competency in software security
3. Identifying needs, organizing & conducting with help of (external) experts a strategy for penetration testing (pen test, ethical hacking) of products/systems which are already released or under development

• Evaluation and definition of the tool landscape supporting the software compliance assessment process, that includes SBOM (software bill of materials), list of software licenses, list of potentially vulnerable software components (CVE), etc.
• Reviewing and improving security of critical system functions in Operations (Production/Customizing/Service) and supporting Product Management regarding compliance and security relevant aspects when dealing with external partners (sales, customers)
• Acting as a "first contact point” if any questions are popping up from the R&D department. Providing guidelines, best practices, training and documentation for the development team. Acting as a moderator, coach & mentor for the R&D teams
• Working with compliance team to ensure relevant security standards like ISO 27001, NIST and OWASP. Supporting internal and external security audits
• Supporting assessment and audits of external software partners or software component suppliers with focus on contracts, liability, and security