R&D Security Manager (m/f/d)

Date: Jun 18, 2025

Location: DE

Company: nemetschek

The Nemetschek Group is a pioneer of digital transformation in the AEC/O industry and focuses on the use of open standards (OPEN BIM). As one of the world's leading groups in this industry, the Nemetschek Group increases the quality of the construction process with its intelligent software solutions and improves the digital workflow of all those involved in the process. As a result, buildings can be planned, built, and operated more efficiently, sustainably and with less impact on resources.

The R&D Security Manager integrates security seamlessly into the product development process, collaborating with Agile teams to embed security in sprint planning and prioritize relevant issues. They establish initiatives like the security champions program, including "train the trainer" efforts, to enhance security awareness across all R&D personnel. The role also ensures secure source code management, compliance with GDPR, and the creation of security documentation frameworks. By monitoring emerging threats and managing vulnerabilities, the manager safeguards intellectual property and sensitive data while serving as the main interface between R&D and Shared Services for security matters.

What will your responsibilities look like?

  • Implement comprehensive security strategies for the R&D department as part of the product development process (Agile Sprint Planning) and report to Brand CISOs
  • Establish a "train the trainer" initiative for awareness and knowledge exchange among R&D personnel
  • Review and implement source code repository hardening and change management according to the guideline
  • Prioritize security issues in the Sprint backlog
  • Act as the interface to Shared Services
  • Establish security documentation (setup and maintenance of the framework)
  • Identify and document vulnerability remediation information (based on CVSS 4) for R&D engineers
  • Identify and assess security risks related to R&D activities, including intellectual property, confidential data, and emerging technologies
  • Ensure compliance with relevant security regulations like GDPR, industry standards, and company policies in software development through workshops

 


What do we expect from you?

Education & Experience:

  • Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, or related field.
  • Multiple years of experience in a security role, preferably within R&D or high-tech environments.
  • Very good German skills

 

Technical Skills:

  • Deep knowledge of cybersecurity technologies, such as web application firewalls, DAST, API security, Cloud and App Monitoring, XDR
  • Familiarity with security challenges in R&D, such as secure coding, technology transfer, and emerging technologies.

 

Technical Writing:

  • Strong abilities for creating clear and comprehensive security documentation. 
  • OWASP Top Ten: In-depth knowledge of the security risks and practical experience in mitigating these vulnerabilities.
  • Understanding of product development lifecycles and integrating security into R&D processes.
  • Proficiency in security-related software like Snyk and Jira.
  • Pentesting

 

Soft Skills:

  • “Speaking Developers' Language”
  • Strong problem-solving skills and the ability to manage complex projects.
  • Excellent communication and collaboration skills to work with multidisciplinary teams.
  • High ethical standards and attention to detail.
  • Mentoring and knowledge transfer

 

Certifications (preferred):

  • Certified Information Systems Security Professional (CISSP)
  • Certified Secure Software Lifecycle Professional (CSSLP) or similar

Why Nemetschek?

  • Impact: We offer you a diverse position in a motivating work environment where you can realize your ideas.
  • Sustainable Growth: In our sustainably growing and innovative company you have the chance to develop yourself further.
  • Culture: With us you work in an international team with flat hierarchies and short decision-making processes, in which you can make a difference.
  • Work-Life Balance: We offer you various benefits in the areas of sports, nutrition, childcare and much more.
  • Health: The health of all employees is important to us, which is why we offer you a wide range of health and preventive care services.
  • Hybrid Way Forward: Through mobile working and variable working hours without core working hours, we enable you to be flexible, both professionally and privately.