Job
- Level
- Senior
- Job Field
- IT, DevOps, Security
- Employment Type
- Full Time
- Contract Type
- Permanent employment
- Salary
- from 55.307 € Gross/Year
- Location
- Vienna
- Working Model
- Onsite
Job Summary
In this position, you review automated security scans, consolidate reporting, support DevSecOps pipelines, advise on secure-by-design principles, and plan as well as perform individual security measures.
Job Technologies
Your role in the team
- You are responsible for reviewing and evaluating results from automated security scans (SAST, Software Composition Analysis / Dependency Scans, Vulnerability and Cloud Security Scans).
- You monitor and consolidate reporting of security findings across applications and systems to product management and the InfoSec team.
- You support the Solution Architects in the development and further advancement of DevSecOps mechanisms along the CI/CD pipelines.
- You advise on Secure-by-Design and Secure Coding principles.
- You create, maintain, and further develop MIKE-specific security documentation as a supplement to existing corporate and company documentation.
- You assist in deriving policies for playbooks, architecture, and development guidelines to ensure compliance with regulatory requirements (e.g., NIS2, ISO 27001).
- You plan, coordinate, and execute individual security measures (e.g., penetration tests, targeted application reviews, threat modeling).
- You are an interface to corporate IT security, specialist departments, and external partners (e.g., audits).
This text has been machine translated. Show original
Our expectations of you
Qualifications
- You have an understanding of security standards and regulatory requirements (e.g., ISO 27001, NIS2).
- You have knowledge of agile software development.
- You possess relevant certifications (e.g., CISSP).
- You are familiar with the terms SAST, SCA, DevSecOps, and know how to interpret them.
- You are someone who enjoys questioning the "established processes," lives security, and seeks collaborative solutions.
Experience
- You have several years of experience in information security, IT compliance, or IT risk management.
- You have experience with audits and assessments.
- You have experience or a strong interest in current topics such as Cloud Security or AI in the Security field.
This text has been machine translated. Show original
What we offer
- Your contribution provides a significant added value to the protection and availability of critical European transport and logistics infrastructure.
- You actively contribute to the development and establishment of security processes and bring in your ideas as well as your professional expertise.
- You can expect a pragmatic, practice-oriented, and solution-focused collaboration with experienced development, architecture, and security teams.
- You benefit from flexible working hours and modern work models that support a good work-life balance.
- The health of our employees is important to us, which is why we regularly offer health check-ups.
- A secure and sustainable job with exciting tasks.
- Excellent training opportunities as well as numerous development prospects within the group.
- For the position of "Senior Specialist: Information Security Management," a minimum gross annual salary of €55,307 is provided according to the collective agreement for employees of Austrian railway companies, based on a 38.5-hour workweek. Depending on qualifications and professional experience, overpayment is possible.
This text has been machine translated. Show original
Benefits
Work-Life-Integration
Topics that you deal with on the job
Job Locations
This is your employer
Rail Cargo Austria Ag
With 5,755 employees, subsidiaries throughout Europe and an annual turnover of 1.9 billion euros, the Rail Cargo Group ranks among Europe's leading rail logistics companies. We operate a comprehensive end-to-end logistics network and we link European conurbations and ports with prospering economic centres on the Eurasian continent.
Description
- Company Type
- Established Company
- Working Model
- Hybrid, Onsite
- Industry
- Logistics, Transportation