As a Cyber Security Architect, your primary goal will be to ensure a secure and trustworthy customer journey. Join our team at Mercedes Benz Financial Services (MBFS) to enhance our cybersecurity capabilities by executing the global AE (Architecture and Engineering) strategy consistently across the region. Reporting directly to the MBFS Architecture and Engineering Lead, you will play a vital role in deploying and operating application security capabilities, solutions, and requirements. Your expertise will contribute to the secure profiling of critical applications, code reviews, application-focused attack and penetration testing, and the identification and remediation of application-level vulnerabilities. By meeting MBFS' risk management needs and business requirements, you will play a critical role in safeguarding our organization.
Key Responsibilities:
1. Application Security:
• Deploy and operate application security capabilities, solutions, and requirements consistently across the region.
• Systemically identify and document application-level vulnerabilities.
• Communicate identified vulnerabilities and recommended mitigation strategies.
• Coordinate with the markets and monitor remediation activities.
• Provide guidance and recommendations for remediating application vulnerabilities.
• Track and report on the status of remediation efforts.
• Facilitate and deliver targeted application security training.
2. Secure Profiling Service:
• Identify and document threats using STRIDE and other MBFS techniques for critical applications.
• Provide recommendations for the identified threats.
• Coordinate and maintain the list of remediation activities.
Qualifications and Skills:
• Relevant certifications such as CISSP, CISM, or CEH are required.
• Proven experience in application security, architecture, and engineering.
• Strong understanding of code review methodologies and application-level vulnerabilities.
• Proficiency in conducting application-focused attack and penetration testing.
• Knowledge of risk management frameworks, regulatory requirements, and industry best practices.
• Excellent communication skills with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.
• Strong analytical and problem-solving abilities.
Conditions:
• Minimum 8 years of relevant work experience in cybersecurity architecture and engineering.
• Experience with a wide variety of Threat Modelling tools and other tools to include:
o Microsoft Threat Modelling Tool
o Burp Suite
o ThreatModeler
o IriusRisk
• Experience in developing and implementing countermeasures to identified application security risks.
• Experience interacting with development teams to articulate security requirements and processes while collaborating on architecture and engineering design options, implementation, testing and user acceptance.
• Experienced in Threat Modelling including creation of Data Flow Diagrams
• Experience identifying, evaluating and managing risk in a complex and changing environment.