Senior Software Security Architect CT (m/f/d) (m/w/d)

Focus: Security by Design & Secure Software Integration in Customer Projects

You worry more about insecure interfaces than about downtime – and for you, software is only “done” when it’s securely integrated?

At Giesecke+Devrient Currency Technology (CT), you protect the software landscape around the cash cycle: from supplier applications to in‑house CT solutions running in high-security cash centers, banknote printing facilities and data centers worldwide.

Your responsibilities

• Ensure that internal and external software components follow “Security by Design” principles – from architecture to go-live in customer projects.
• Derive and manage security requirements from contracts, standards and customer expectations, and turn them into clear guidelines for projects and suppliers.
• Perform threat and risk assessments for applications and integrations and define concrete, prioritized mitigation measures.
• Review software, interface and integration designs from a security perspective and closely align with internal teams and customer IT.
• Oversee SSDLC / secure SDLC practices for third-party developments and coach internal teams on secure development best practices.
• Coordinate vulnerability management, patch strategy and exception handling for all integrated software components.
• Plan, supervise and validate security testing and define security acceptance criteria for key project milestones.
• Produce customer-facing security documentation and audit artefacts and drive security topics in workshops and supplier reviews.

Your profile

• University degree in Computer Science, Information Security, Electrical Engineering or a comparable STEM field – or an equivalent qualification.
• Several years of experience designing and assessing secure software architectures and integrations, ideally in critical infrastructure, manufacturing or a security/software tech environment.
• Application security is your passion; you have hands-on experience with frameworks such as OWASP SAMM, NIST SSDF (SP 800‑218) and IEC 62443‑4‑1.
• Strong background in threat modeling, risk assessments and common vulnerability classes (e.g. OWASP Top 10, CWE) plus practical mitigation strategies.
• Experience with secure SDLC/SSDLC processes, CI/CD pipelines and typical security gates (code reviews, security testing, release approvals).
• Ability to analyze complex security topics, document them clearly and communicate them convincingly to developers, project managers, customers and suppliers.
• Very good English skills (written and spoken); French is a strong plus, German is an advantage.
• High willingness to travel (around 25 % internationally) and to work in interdisciplinary, globally distributed project teams.

$$ We are an equal opportunity employer! We promote diversity in all its forms and create an inclusive work environment, free from prejudice, discrimination and harassment, in which all employees feel a sense of belonging. We warmly welcome all applications regardless of gender, age, race or ethnic origin, social and cultural background, religion, disability and sexual orientation. 

 $$ Hannah Distler $$ career@gi-de.com $$ $$ $$ https://career5.successfactors.eu/career?company=gieseckede&career_job_req_id=26681&career_ns=job_application