Security Development LifeCycle (SDL) Specialist
IT & Security – Security
We are AID GmbH:
AID-Autonomous Intelligent Driving is bringing together the world’s top software, roboticists and AI talent to ignite a human centered revolution in autonomous driving. By understanding the human challenges as well as the engineering ones, the technology we are testing today on the streets of Munich will become the backbone of a universal self-driving system – capable of improving life in urban environments for billions of people. With the agility of a start-up and the support of Audi (VW Group), AID is free to craft an autonomous world that works for everyone – from manufacturers to passengers to city planners to pedestrians. For us, the future isn’t about merely making vehicles more autonomous, it’s about making people more autonomous.
AID is looking an individual who has a passion for application security and can drive SDL activities across engineering teams and implement the cybersecurity best practices required to build a highly secure Self Driving System. In this position, the security expert will ensure the cybersecurity practices are executed in an efficient and effective manner. Strong technical skills and crisp communication are essential for being successful in this role.
- As the cybersecurity expert serve as a consultant, advisor, and coach in guiding the engineering teams through SDL practices such as threat modelling, secure coding standards, static code analysis, security code reviews, fuzzing, etc. in a hands-on manner
- Work with product managers to ensure existing and new initiatives are prioritized and scoped with acceptance criteria
- Collaborate with engineering teams to shape the security development culture at AID by conducting trainings and workshops
- Drive key initiatives like supply chain security and bug bounty programs
- Scale the SDL program through automation as much as possible and foster tool building over following manual processes
- Drive adoption of security standards like ISO 21434 within the agile development practices followed by engineering teams
- Track maturity of the SDL program using BSIMM based metrics
- Coordinate and facilitate pen-testing activities with third party assessors as necessary and prioritize the remediation plan with respective engineering teams
- Identify, escalate, and ensure security risks are properly addressed prior to release
- Lead a variety of security risk assessments for applications, systems, and tools
- Architect mitigation strategies to reduce security risk and enable the company goals
- Build and nurture positive working relationships with stakeholders and leadership and be engaged as a trusted advisor
- Create a working environment that motivates and inspires fellow engineers to accomplish security goals
- Experience influencing security decisions at all levels in the company
- Convince highly technical audiences on security implications and pushing them for action
- Excellent written and verbal communications skills
- Articulate and persuasive communicator with excellent presentation skills with strong analytical and problem solving skills
- Specialist in identifying the InfoSec risk exposure and providing solutions
- Track record of operating autonomously across multiple teams
- Deep expertise with common security attacks vectors and customer impact
- Bachelors or Masters degree in engineering with minimum 8-10 years of experience in leading and managing security programs in the technology realm
- Demonstrated ability to develop threat models, analyze threats and rate them in terms of severity
- Adept at embedding SDL activities within agile / devops style environment
- Ability to understand complex technical systems
- Excellent leadership, teamwork, and collaboration
- Experience in generating automated metrics to measure SDL effectiveness
- Results oriented and high energy individual
- Self starter and team player
- Negotiation for win-win; proven ability to influence without authority
Life at AID GmbH:
Our state-of-the-art offices are in the heart of beautiful Munich. We’re an agile, creative and dynamic start-up with people, innovation and teamwork at the core of our values. We reward our employees with excellent salary and benefits packages including, on-site language courses, mobile phone, subsidized lunches in the company bistro, subsidized gym membership, social events, BBQ’s and much more.
We value diversity and as an equal opportunities employer we encourage applications from all suitably qualified individuals. AID is a multicultural organization with employees from over 40 different countries, as such we provide visa and relocation support to all new employees. As an organization our primary business language is English, so where possible please provide a copy of your resume in English.
What are you waiting for? Help us to build the future.