Title Software Threat Modelling Specialist (m/f/d)
Indexed description
Search by Location
Show More Options
Loading...
Experience Level
All
Location
All
Clear
Select How Often (in Days) To Receive An Alert
Select how often (in days) to receive an alert:
Apply now »
Software Threat Modelling Specialist (m/f/d)
- required immediately, permanent -
Your Tasks
- Perform systematic threat-modelling for our software products; e.g. web applications, firmware implementations (UEFI, bootloader,…), relevant other software implementations of congatec products
- Apply established threat-modelling methods (e.g. STRIDE) and maintain architecture and data flow diagrams as a basis
- Identify and document threats, evil user stories/ attack paths, assumptions and corresponding security controls for our products
- Integrate threat-modelling into the product and engineering lifecycle (e.g. new features, major architectural changes, new integrations)
- Make recommendations and derive security requirements and acceptance criteria for user stories in close collaboration with Product Management and Engineering
- Support design reviews and influence security-related design decisions for our software architecture
- Assess identified threats in terms of business impact, customer impact and compliance requirements
- Prioritize risks together with Product Management and translate them into actionable items in product backlogs and roadmaps
- Define and track mitigation measures (e.g. hardening steps, design changes, additional security controls) and verify their effectiveness
- Develop and refine a threat modelling framework tailored to our software products, including reusable templates and patterns
- Conduct workshops and training on secure design and threat modelling techniques for development, architecture and product teams
- Act as a key advocate for “Security by Design” and “Product Security” across the organization
- Degree in Computer Science, Software Engineering, Information Security or a comparable qualification
- Several years of proven experience in threat-modelling software products or platforms
- Strong background in collaborating with product, architecture and software development teams in an agile environment
- In-depth knowledge of at least one threat modelling methodology (e.g. STRIDE, LINDDUN, PASTA) and its practical application in real projects
- Very good understanding of modern software architecture (e.g. CPU partitioning)
- Solid understanding of common security threats and vulnerabilities (e.g. OWASP Top 10)
- Familiarity with relevant standards and frameworks (e.g. OWASP ASVS, NIST, ISO 27001, IEC62443) in the context of software product security is an advantage
- Experience with at least one programming language (e.g. Java, C#, C++, Go, Python, JavaScript/TypeScript) to understand implementation details
- Hands-on experience with threat-modelling documentation practices and common tooling (e.g. Git, CI/CD pipelines, ticketing and documentation systems)
- Structured, analytical and solution-oriented way of working with strong communication skills towards technical and non-technical stakeholders
- Confident in running workshops and moderating discussions in cross-functional teams
- Fluent in English and German; additional languages are an advantage
We look forward to receiving your complete application.
HR Contact
Tel. +49(991)2700-142
Apply now »
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search