You drive our secure development practices across our product portfolio, with primary focus on our flagship product Engineering Base.
Together with software architecture, development and infrastructure teams, you establish secure-by-design principles and integrate security into the software development lifecycle, aligned with current industry standards and regulatory expectations.
You are hands-on, pragmatic, and able to translate security requirements into implementable technical solutions. You work closely with development teams to make security practical, scalable, and developer-friendly for the benefit of our clients. In this role, you directly influence the security of our development processes and products — today and in the future.
If you are excited about engineering and technology and have a joy and passion for teamwork, we can’t wait to meet you. Become part of our growing team and join us in creating another success story.
Your areas of responsibility:
Secure development:
- Integrate security into the Software Development Lifecycle, including threat modelling, secure coding and automated security testing, balancing effective security measures with developer experience
- Define and maintain secure coding standards and processes as well as con-tributing to the selection and rollout of state-of-the-art security tools and technologies
- Conduct and review threat modelling and security-focused code reviews
- Integrate security controls into CI/CD and development and test workflows
- Mentor colleagues on secure development practices
Authentication and Authorization:
- Support the secure design of authentication and authorization mechanisms in collaboration with the software and IT architecture and infrastructure teams
- Contribute to our existing Kerberos, delegation, and service account patterns as well as our efforts to implement identity standards such as Microsoft Entra ID, OAuth2, and OpenID Connect (OIDC)
Vulnerability and Dependency Management:
- Support the internal team for risk-based vulnerability assessment and prioriti-zation as well as third-party dependency management and SBOM processes
Regulatory and audit support:
- Align product security with NIS-2 and Cyber Resilience Act requirements
- Support internal and external security audits
Your profile:
Technical expertise: Your experience
- Strong experience in software development in C++ and/or C#
- Strong experience applying secure-by-design principles across the entire lifecycle
- Good knowledge of Windows security model and service accounts
- Good understanding of authentication and authorization concepts (Active Di-rectory, Kerberos, SPN , NTLM, OAuth2, OIDC) with relevant project ex-perience
- Experience integrating security tools into CI/CD pipelines (e.g., SAST, SCA, con-tainer or IaC scanning) is beneficial.
- Familiarity with Microsoft Entra ID and SBOM standards (e.g., CycloneDX) is a plus
Personal attributes: How you work
- Strong cross-team communication skills
- Ability to mentor software engineers on secure development practices
- Structured, risk-based decision making
- Proactive, hands-on, and solution-oriented mindset
- Fluent in German and English (C1, C2).
Security A secure job in a market with a promising future
Freedom Space to explore ideas and work with autonomy
Development Opportunities for personal and professional development
Team spirit An excellent working environment as a member of a dynamic team
Flexibility Flexible working models – from part-time and flextime to mobile working
Benefits Various benefits (public transport ticket, gym membership, bike deals, etc.)
Your contact
"Thank you for your interest in a career with our company! AUCOTEC stands for innovation, team spirit and a future-oriented way of working. We value committed talents who want to shape the world of engineering with us."
Beatrix Tillmann, Assistant Executive Board