Back to search
conga-connect - a congatec aReady solution Linkedin · Posted 13d ago

Title Software Threat Modelling Specialist (m/f/d)

Germany

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Search by Keyword

Search by Location

Show More Options

Loading...

Experience Level

All

Location

All

Clear

Select How Often (in Days) To Receive An Alert

Select how often (in days) to receive an alert:

Apply now »

Software Threat Modelling Specialist (m/f/d)

- required immediately, permanent -

Your Tasks

  • Perform systematic threat-modelling for our software products; e.g. web applications, firmware implementations (UEFI, bootloader,…), relevant other software implementations of congatec products
  • Apply established threat-modelling methods (e.g. STRIDE) and maintain architecture and data flow diagrams as a basis
  • Identify and document threats, evil user stories/ attack paths, assumptions and corresponding security controls for our products
  • Integrate threat-modelling into the product and engineering lifecycle (e.g. new features, major architectural changes, new integrations)
  • Make recommendations and derive security requirements and acceptance criteria for user stories in close collaboration with Product Management and Engineering
  • Support design reviews and influence security-related design decisions for our software architecture
  • Assess identified threats in terms of business impact, customer impact and compliance requirements
  • Prioritize risks together with Product Management and translate them into actionable items in product backlogs and roadmaps
  • Define and track mitigation measures (e.g. hardening steps, design changes, additional security controls) and verify their effectiveness
  • Develop and refine a threat modelling framework tailored to our software products, including reusable templates and patterns
  • Conduct workshops and training on secure design and threat modelling techniques for development, architecture and product teams
  • Act as a key advocate for “Security by Design” and “Product Security” across the organization

Your Profile

  • Degree in Computer Science, Software Engineering, Information Security or a comparable qualification
  • Several years of proven experience in threat-modelling software products or platforms
  • Strong background in collaborating with product, architecture and software development teams in an agile environment
  • In-depth knowledge of at least one threat modelling methodology (e.g. STRIDE, LINDDUN, PASTA) and its practical application in real projects
  • Very good understanding of modern software architecture (e.g. CPU partitioning)
  • Solid understanding of common security threats and vulnerabilities (e.g. OWASP Top 10)
  • Familiarity with relevant standards and frameworks (e.g. OWASP ASVS, NIST, ISO 27001, IEC62443) in the context of software product security is an advantage
  • Experience with at least one programming language (e.g. Java, C#, C++, Go, Python, JavaScript/TypeScript) to understand implementation details
  • Hands-on experience with threat-modelling documentation practices and common tooling (e.g. Git, CI/CD pipelines, ticketing and documentation systems)
  • Structured, analytical and solution-oriented way of working with strong communication skills towards technical and non-technical stakeholders
  • Confident in running workshops and moderating discussions in cross-functional teams
  • Fluent in English and German; additional languages are an advantage

Become part of our successful team!

We look forward to receiving your complete application.

HR Contact

Tel. +49(991)2700-142

Apply now »

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent