Security Application Engineer

Náplň práce, právomoci a zodpovednosti:
• As part of our SecDevOps team, you enable the delivery of high-quality, secure software
• You are responsible for integrating and fine-tuning security measures in CI/CD pipelines (e.g., by integrating SAST, DAST, and SCA tools) and for implementing security-relevant core mechanisms in our OMNIS software
• You conduct regular security assessments, including architecture and code reviews as well as threat modeling
• You plan and execute comprehensive penetration tests, vulnerability scans, and fuzzing tests
• You support the triage and prioritization of vulnerabilities
• You contribute to the development of security policies and guidelines (e.g., secure coding principles, security control blueprints)
• As a security expert, you share your knowledge with development teams

Zamestnanecké výhody, benefity:
• Interesting projects based on the newest technologies
• Opportunity for self-improvement and career growth
• Internal & external software development education and trainings fully paid by company
• participation in European test conferences and workshops fully paid by company
• Metrohm Employee Exchange Programs and several introduction trainings (partially in Switzerland)
• International environment, team buildings
• Flexible working time + overtimes compensation, occasional home office
• 25 vacation days/year, sickness compensation
• Employee Budget - 65€/month
• Loyalty budget - 100€/month (after 1 year in company)
• LTERP program - after 2/4/8/12 years in company possibility of special financial bonus or/and sabbatical
• Language courses (en, de) fully paid by company
• Referral & relocation bonus
• Lunch Vouchers covered by Metrohm, free fruit, coffee in office, Air Hockey :-)

Požiadavky na zamestnanca:
• You have a higher education degree or advanced training in computer science and are familiar with agile methods and tools
• You have a solid understanding of common vulnerabilities (e.g., OWASP Top 10)
• You possess strong knowledge of current security best practices within the software development lifecycle, ensuring security is integrated at every stage
• Your strong .NET skills enable you to read, understand, and identify vulnerabilities in code
• You have practical experience with security testing tools (e.g., Burp Suite, ZAP, etc.)
• Security certifications such as CISSP, CSSLP, CASE, CEH, GPEN, GWPT, BSCP, OSCP, OSWE, or similar are an advantage
• You enjoy working in a team, sharing knowledge, and have a strong focus on quality