R&D Security Manager (m/w/d)

Date: May 20, 2025

Location: DE

Company: Nemetschek

What will your responsibilities look like?

  • Implement comprehensive security strategies for the R&D department as part of the product development process (Agile Sprint Planning) and report to Brand CISOs
  • Establish a train-the-trainer initiative for awareness and knowledge exchange among R&D personnel
  • Review and implement source code repository hardening and change management according to the guideline
  • Prioritize security issues in Sprint backlog
  • Act as interface to Shared Services
  • Establish Security Documentation (Setup and Maintenance of the Framework)
  • Identify and document vulnerability remediation information (based on CVSS 4) for R&D engineers
  • Identify and assess security risks related to R&D activities, including intellectual property, confidential data, and emerging technologies
  • Ensure compliance with relevant security regulations like GDPR, industry standards, and company policies in software development through workshops

 


What do we expect from you?

Education & Experience:

  • Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, or related field.
  • Multiple years of experience in a security role, preferably within R&D or high-tech environments.

 

Technical Skills:

  • Deep knowledge of cybersecurity technologies, such as web application firewalls, DAST, API security, cloud and app monitoring, and XDR
  • Familiarity with security challenges in R&D, such as secure coding, technology transfer, and emerging technologies.

 

Technical Writing:

  • Strong abilities for creating clear and comprehensive security documentation. 
  • OWASP Top Ten: In-depth knowledge of the security risks and practical experience in mitigating these vulnerabilities.
  • Understanding of product development lifecycles and integrating security into R&D processes.
  • Proficiency in security-related software like Snyk and Jira.
  • Pentesting

 

Soft Skills:

  • “Speaking developers' language”
  • Strong problem-solving skills and the ability to manage complex projects.
  • Excellent communication and collaboration skills to work with multidisciplinary teams.
  • High ethical standards and attention to detail.
  • Mentoring and knowledge transfer

 

Certifications (preferred):

  • Certified Information Systems Security Professional (CISSP)
  • Certified Secure Software Lifecycle Professional (CSSLP) or similar

 

 

Why Nemetschek?

  • Impact: We offer you a diverse position in a motivating work environment where you can realize your ideas.
  • Sustainable Growth: In our sustainably growing and innovative company you have the chance to develop yourself further.
  • Culture: With us you work in an international team with flat hierarchies and short decision-making processes, in which you can make a difference.
  • Work-Life-Balance: We offer you various benefits in the areas of sports, nutrition, childcare and much more.
  • Health: The health of all employees is important to us, which is why we offer you a wide range of health and preventive care services.
  • Hybrid Way Forward: Through mobile working and variable working hours without core working hours, we enable you to be flexible, both professionally and privately.