Application Security Expert (DevSecOps)
GEA Group
About the role
The Application Security Expert (DevSecOps) defines the global security requirements for the development, operation and maintenance of applications, whether built to be part of a GEA standard product, specific to an individual customer project, or offering a service to our customers. The Application Security Expert (DevSecOps) is part of the Product and Operational Technology Security Team within the CISO organization and is the first point of contact for Application Development Teams on all secure development related topics.
Responsibilities / Tasks
The Application Security Expert (DevSecOps) is responsible for defining global security requirements for the development, operation, and maintenance of all GEA applications, including those embedded in standard products, tailored for customer projects, or delivered as digital services. As part of the Product & Operational Technology Security Team within the CISO organization, this role acts as the primary advisor to application development teams worldwide. The expert drives the adoption of secure‑by‑design practices, ensures alignment with enterprise security objectives, and strengthens GEA’s overall application security posture through proactive guidance and cross‑functional collaboration.
- Defines and governs global security requirements, procedures, and processes for application software development, ensuring consistent alignment with enterprise product security standards.
- Leads the global implementation of security tools and platforms across the secure development lifecycle (SDLC), enabling scalable and automated security integration in development workflows.
- Evaluates and ensures adherence to security requirements across all software development teams, divisions, global locations, and external development partners.
- Conducts strategic security reviews and audits, providing oversight and visibility into the effectiveness of secure development practices and driving continuous improvement.
- Defines and implements security controls for AI‑enabled products and applications, ensuring protection of data, models, APIs, and runtime environments.
- Establishes and enforces secure software development practices when AI tools are used (e.g., code generation, code review, testing, documentation).
- Identifies and interprets legal, contractual, and customer security requirements, ensuring application development processes remain compliant and future‑ready.
- Drives SDLC adoption and maturity, guiding development locations in establishing robust, repeatable, and secure engineering processes.
- Serves as the primary security advisor to application development teams, providing expert guidance on architecture, risk mitigation, and secure engineering methods.
- Builds and sustains strong partnerships with divisional leadership, managing directors, process owners, and development leads to advance global application security objectives.
- Defines and oversees key security KPIs, ensuring meaningful reporting and transparency across the organization and enabling data‑driven decision making.
- Implements a risk‑based approach for assessing application security, encompassing code analysis, testing, threat modeling, and continuous risk monitoring.
- Collaborates with global asset owners to ensure security controls, measures, and vulnerabilities are effectively implemented, managed, and reported across all relevant software assets.
- Supports security incident analysis and forensics for application‑related breaches, contributing to organizational learning and resilience.
- Continuously monitors industry trends and DevSecOps best practices, ensuring that security requirements, processes, and tooling evolve in line with modern standards.
Your Profile / Qualifications
- Bachelor’s or master’s degree in Information Technology / Computer Science / Cybersecurity, or a related technical discipline
- DevSecOps Certifications advantageous
- Security certifications such as CISSP, CCSP, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH) are a plus.
- 3+ years of combined experience in Software Engineering, DevOps, and/or Information Security
- 3+ years of experience in software development
- Very good knowledge of (cyber) security technologies and methods (threat landscapes, threat models, standards)
- Knowledge of and experience with typical DevOps and DevSecOps tooling (CI/CD tools, GitHub, Kubernetes, Docker, Linux, etc.)
- Experience with application security tooling such as SAST, DAST, SBOM Tools, SCA, container and IaC scanning
- Understanding of source code risks when generated or assisted by AI, including license compliance and hidden vulnerabilities
- Know-how in management systems, audits, and dealing with audit findings
- Knowledge of secure usage patterns for generative AI tools in software engineering
- Knowledge of hardening and compliance baselines such as CIS Benchmarks, NIST frameworks and DISA STIGs
- Knowledge of security and compliance standards such as ISO, PCI, HIPAA and SOX is advantageous
- Experience in system and network design
- Experience with Microsoft 365 (O365) and Azure security
- Experience in multi-vendor management and dealing with multiple suppliers
- Knowledge in any of GEA’s target industries advantageous
- Strong interpersonal skills in communication and collaboration
- Negotiation skills at different levels (customers, suppliers)
- Strong communication skills in English; local language is a plus
- Strong analytical ability, business acumen, problem solving skills
- Ability to work successfully as part of a team