congatec

Software Threat Modelling Specialist (m/f/d)

congatec  •  Onsite  •  5 days ago

Job Description

Your tasks:

  • Perform systematic threat-modelling for our software products, e.g. web applications, firmware implementations (UEFI, bootloader, …) and other relevant software implementations of congatec products
  • Apply established threat-modelling methods (e.g. STRIDE) and maintain architecture and data flow diagrams as a basis
  • Identify and document threats, evil user stories/attack paths, assumptions and corresponding security controls for our products
  • Integrate threat-modelling into the product and engineering lifecycle (e.g. new features, major architectural changes, new integrations)
  • Make recommendations and derive security requirements and acceptance criteria for user stories in close collaboration with Product Management and Engineering
  • Support design reviews and influence security-related design decisions for our software architecture
  • Assess identified threats in terms of business impact, customer impact and compliance requirements
  • Prioritize risks together with Product Management and translate them into actionable items in product backlogs and roadmaps
  • Define and track mitigation measures (e.g. hardening steps, design changes, additional security controls) and verify their effectiveness
  • Develop and refine a threat modelling framework tailored to our software products, including reusable templates and patterns
  • Conduct workshops and training on secure design and threat modelling techniques for development, architecture and product teams
  • Act as a key advocate for “Security by Design” and “Product Security” across the organization

Your profile:

  • Degree in Computer Science, Software Engineering, Information Security or a comparable qualification
  • Several years of proven experience in threat-modelling software products or platforms
  • Strong background in collaborating with product, architecture and software development teams in an agile environment
  • In-depth knowledge of at least one threat modelling methodology (e.g. STRIDE, LINDDUN, PASTA) and its practical application in real projects
  • Very good understanding of modern software architecture (e.g. CPU partitioning)
  • Solid understanding of common security threats and vulnerabilities (e.g. OWASP Top 10)
  • Familiarity with relevant standards and frameworks (e.g. OWASP ASVS, NIST, ISO 27001, IEC 62443) in the context of software product security is an advantage
  • Experience with at least one programming language (e.g. Java, C#, C++, Go, Python, JavaScript/TypeScript) to understand implementation details
  • Hands-on experience with threat-modelling documentation practices and common tooling (e.g. Git, CI/CD pipelines, ticketing and documentation systems)
  • Structured, analytical and solution-oriented way of working with strong communication skills towards technical and non-technical stakeholders
  • Confident in running workshops and moderating discussions in cross-functional teams
  • Fluent in English and German; additional languages are an advantage

About congatec

congatec is a leading global provider of high-performance hardware and software building blocks for embedded and edge computing solutions based on Computer-on-Modules (COMs). These advanced computer modules drive systems and devices across industries such as industrial automation, medical technology, robotics, telecommunications, and more.

Industry: Hardware & Semiconductors
Company Size: 201-500 employees
Headquarters: Deggendorf, DE
Year Founded: 2005