Luxembourg Job Openings

Deutsche Börse

IT Senior Application Security Engineer (f/m/d)

October 7, 2024

Learn. Develop. Grow. But always: Share value

Join our international team that drives positive change, united by a spirit of openness and curiosity. We empower you to have an impact and to grow – personally and professionally. With us, you work at the heart of financial systems and evolve the way markets operate. We’re excited about the future because we are the ones shaping it. Let´s do this together by sharing value!

Who we are

Tracing its origins to 1585, Deutsche Börse Group has become one of the world’s leading exchange organisations and an innovative market infrastructure provider. In this role, we provide investors, financial institutions and companies access to global capital markets. What’s your part in all this? With your commitment you contribute to the success of our unique business model: offering a wide range of products, services and technologies for security, transparency and integrity on the markets. By creating trust in the markets of today and tomorrow we foster growth and contribute to the prosperity of future generations.

Luxembourg

Your career at Deutsche Börse Group

Your area of work:
Clearstream Funds Service (CFS) IT department builds, maintains and operates a portfolio of applications which provide Clearstream clients state of the art solutions to standardise processing and to increase efficiency and safety in the investment funds sector. Our global funds processing platform Vestima allows for reaching all types of funds, from mutual funds to ETFs and hedge funds.

Your responsibilities:
As part of the IT Engineering Unit acting in the domains of architecture, infrastructure and information security, you will report to the CFS IT Security Lead and take responsibilities in a broad range of application security engineering activities covering the entire CFS IT landscape. Your assignments will include:

Analysing and documenting the security of 20+ applications according to the criteria defined by the corporate Information Security department. Your expertise typically ranges from operating systems to Web applications and includes third-party software and public Cloud services.
Identifying the information security impacts caused by business and technical projects, based on the projects’ requirements and architecture
Performing and documenting the information security risk assessment of the applications along the ISO/IEC 2700x controls
Managing the open information security risks and vulnerabilities for the CFS IT landscape; accurately maintaining the corresponding risk and vulnerability registries; ensuring mitigating measures are properly assigned, implemented and delivered in due time
Defining application penetration test scope, scenarios and following-up on execution; analysing penetration test finding reports
Analysing the information security risks and vulnerabilities; designing, documenting and promoting innovative solutions at application level to mitigate them; analysing relevant third-party patches; analysing and implementing for specific information security projects (e.g. SIEM onboarding, Privileged Access Management…)
Closely interacting with IT development, infrastructure, operation and project management teams as well as with third-party vendors to collect information/communicate on technical security topics
Going hands-on with the CFS IT systems to extract necessary security design information when it is not readily available
Managing the relation with the corporate Information Security department, adequately interacting with their expert resources
Answering to information security enquiries coming from customers, corporate Information Security, or internal/external auditors

Your profile:
Must have:

University Degree (or equivalent) in computer science, with at least 5 years professional experience in IT
Very good technical writing skills; ability to clearly describe complex concepts
Good communication skills with the ability to justify and challenge security design decisions
Sound experience with critical multi-tier Web application security design as architect, security engineer or full-stack application designer
Solid background understanding of base information security concepts such as encryption, authentication, access control, digital signature, data integrity…
Practical experience with the following technologies: Web server, Git, TLS and public-key cryptography, Linux and Windows OS, at least one major Public Cloud Service Provider (Azure, AWS, Google), Shell scripting, RDBMS, Messaging middleware
Ability to digest various abstract requirements in the field of security, and map them to practical situations
At least basic software development skills in a modern object-oriented programming language
Proficiency in written and spoken English; French and German language skills are an asset

Highly desirable:

Knowledge of ISO/IEC 2700x standard
Experience with enterprise application software development, esp. using Java and .net
Experience with identity management/federation/SSO platforms, esp. SAML2 and Open ID Connect
Experience with containers – ideally using Red Hat Open Shift
Experience with the specific security challenges posed by Internet-facing Web applications

Why Deutsche Börse Group?

We are committed to providing a work environment where everyone feels welcome and can reach their full potential. Our standards go far beyond simply matching candidates with the right position.

Mobility

We enable you to move freely with our job tickets, job (e-)bikes and free parking opportunities.

Work environment

Collaboration, communication, or deep focus – in our modern office buildings you will find the perfect work environment. Free drinks and food and meal allowances included.

Health and wellbeing

We care for your health and wellbeing and besides various health promotion measures we offer you a group accident insurance and additional insurance offers at discounted rates.

Financial stability

We provide financial stability by offering attractive salaries, company pension schemes, participation in our Group Share Plan, as well as bonuses, subsidies and discounts.

Hybrid work

Collaborate and exchange on-site or work remotely several days a week in line with business needs and local regulations. Our hybrid working model combines the best of both worlds.

Flexible working hours

We want your job to fit your life situation and offer flexible working time models, childcare allowance, or the possibility to study alongside your job.

Internationality

Our market infrastructures are globally connected. Working with us means collaborating with like-minded colleagues across over 60 locations from more than 100 nations.

Development

We promote individual development by offering internal development programmes, mentoring, further education and training budgets.

Contact

Recruiting Team

Take your career to the next level with us and embrace new challenges!

+496921111810

Our Recruiting Team is looking forward to your call or e-mail.

Ready to start your career with us?

Apply now!

SES

Cyber Security Engineer Intern

PRIVATE EQUITY SENIOR ADMINISTRATOR (M/F) - LUXEMBOURG

August 9, 2024

View Job Description

Hootsuite

Senior Coordinator, Facilities and Administration

Cyber Security Engineer Intern

Betzdorf

November 19, 2024

View Job Description