Information Security Architect (ISA)

Objectives of the Position
•Providing a secure and trustworthy customer journey is one of our most important objectives. In order to expand our cybersecurity capabilities, Daimler Greater China (DGRC) is seeking a Security Architect. He/she is responsible for consistently executing the global architecture and security strategy.
The main objective for the Security Architect is to deploy and operate application security capabilities, solutions and requirements. This includes ensuring that code reviews, application-focused attack simulations and penetration testing are carried out. The Security Architect will also support the identification and remediation of application-level vulnerabilities to meet the needs and business requirements of DGRC and other Daimler China entities.
•Application Security: (70%)
-Support IT projects in fulfilling their requirements for enhanced protection. This covers the whole development lifecycle, from the requirements phase through the development and testing phases, in both waterfall- and agile-driven IT projects.
-Monitor security requirements throughout the whole software development life-cycle (SDLC) and develop new ones on request.
-Deploy, integrate and operate application security capabilities, solutions and requirements consistently.
-Leverage and support given initiatives from Daimler Global CyberSecurity.
-Identify and document application-level vulnerabilities and ensure that unacceptable information risks are addressed.
-Review design specifications and identify system use scenarios with potential security implications.
-Ensure that technical, architectural or design decisions will not lead to violations of security policies.
-Assess the system architecture to identify potential security threats and vulnerabilities and determine their impact.
-Coordinate with involved parties and monitor remediation activities.
-Provide guidance and recommendations for remediating application vulnerabilities.
-Recommend and facilitate targeted application security training, including developing and implementing a secure code training program to highlight software vulnerabilities and defense measures.
-Conduct application security testing quality assurance (QA) throughout the SDLC to validate testing processes.
-Support the secure recovery of applications in alignment with IT Service Continuity Management (ITSCM) standards.
•Consulting & Innovation Support: (20%)
-Serve as a team member in application build processes.
-Provide consulting and on-demand support to innovation initiatives to drive speed to value.
-Provide security support and consulting during project rollout, and lead the execution of selected IT security projects.
-Establish relevant processes and methods to create transparency in information security.
-Support cloud risk assessments.
-Take responsibility for implementing IT-security-related technologies and act as the interface to IT Operational Security.
•Proactive Guidance: (10%)
-Actively communicate and keep abreast of the latest trends in application security.
-Stay current on industry leading practices.
-Monitor application security threats and incorporate leading practices.
-Proactively identify opportunities for improvements in application security. Facilitate meetings with business members and participate in discussions relating to changes in application security standards.


Task description
•Application Security:
-Support IT projects in fulfilling their requirements for enhanced protection. This covers the whole development lifecycle, from the requirements phase through the development and testing phases, in both waterfall- and agile-driven IT projects.
-Monitor security requirements throughout the whole software development life-cycle (SDLC) and develop new ones on request.
-Deploy, integrate and operate application security capabilities, solutions and requirements consistently.
-Leverage and support given initiatives from Daimler Global Cyber Security.
-Identify and document application-level vulnerabilities and ensure that unacceptable information risks are addressed.
-Review design specifications and identify system use scenarios with potential security implications.
-Ensure that technical and architectural decisions will not lead to violations of security policies.
-Assess the system architecture to identify potential security threats and vulnerabilities and determine their impact.
-Provide guidance and recommendations for remediating application vulnerabilities.
-Recommend and facilitate targeted application security training, including developing and implementing a secure code training program to highlight software vulnerabilities and defense measures.
-Conduct application security testing quality assurance (QA) throughout the SDLC to validate testing processes.
-Support the secure recovery of applications in alignment with IT Service Continuity Management (ITSCM) standards.
-Support cloud risk assessments.
•Consulting & Innovation Support:
-Besides the supporting part of this function, formally required quality gate checks are essential in each project phase. Depending on the current system development phase, defined rule sets apply to ensure that security requirements are integrated as early as possible. The EPM is responsible for guiding IT projects through this process.
•Proactive Guidance:
-Actively communicate and keep abreast of the latest trends in application security.
-Stay current on industry leading practices.
-Monitor application security threats and incorporate leading practices.
-Proactively identify opportunities for improvements in application security. Facilitate meetings with business members and participate in discussions relating to changes in application security standards.


•Education
- University degree in Computer Science, Information Systems, Engineering, Information Security, Cybersecurity or a related field is required
•Experience
- At least one of the following certifications is required or must be obtained within your first 12 months of employment at DGRC: CISSP, CASS, ISA, GWEB, CSSLP, ECSP, or TISP in combination with TPSSE (or comparable)
-The following certification is preferred: CISA (or comparable)
-Minimum of 3 years of relevant work experience in security architecture and engineering
-Experience with a wide variety of application technologies and testing tools
-Experience in application software planning, development and integration into proposed business solutions
-Experience implementing comprehensive application testing methodology
-Experience identifying, evaluating and managing risk in a complex and changing environment
-Experience in developing and implementing countermeasures to identified application security risks
-Experience interacting with development teams to articulate security requirements and processes while collaborating on architecture and engineering design options, implementation, testing and user acceptance
-Highly proficient in the configuration and deployment of applications in complex environments
-Experience in working with software developers throughout the software development life-cycle (SDLC)
-Experience supporting security in DevOps processes
-Working knowledge of NIST, Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM)
-Hands-on development experience and working knowledge of web application languages and framework
-Experience discerning an organization's security controls for application software based on vulnerabilities and business needs
-Experience in working with higher management levels is an advantage
•Specific Knowledge
-Deep understanding of a large organization's software-related IT security principles and methods
-Knowledge of IT guidelines and corporate IT policies, IT standards, knowledge of IT council organization
-Advanced ability to identify security vulnerabilities from source code reviews and testing
-Knowledge of application vulnerabilities such as parameter manipulation, injection attacks, buffer overflows and cross-site scripting
-Ability to evaluate technical concepts and solutions and to suggest alternative solutions
-Knowledge of application functionality such as authentication, authorization, data validation, encryption, exception handling, logging and language frameworks
-Strong understanding of software design tools, methods, techniques, and debugging principles
-Fluent in business English
-German would be an advantage
-High level of time management, organizational skills, and attention to detail with integrity and ownership of work.
-Solid ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
-Strong ability to deal with conflicts
-Experience working on a global team is preferred
-Ability to motivate and find innovative solutions to implement the cyber security strategy
-Willingness to travel to Germany for exchange with Security professionals and training activities