Application Security Engineer (f/m/d)

Die Frankfurt School of Finance & Management ist eine von EQUIS, AACSB und AMBA international akkreditierte, forschungsorientierte Business School im Universitätsrang. Für Studierende, Executives, Absolventen, Teilnehmer, Kunden und Partner aus der ganzen Welt bieten wir umfassende Bildungs- und Beratungsleistungen an.

Frankfurt School’s Office of Information Technology provides IT services to a diverse community of more than 5,000 students, faculty and staff. Our ever-growing team conceptualises and implements innovative solutions in infrastructure engineering, digital transformation and technical support. We are looking for you to join Frankfurt School’s Office of Information Technology as an

• Develop and enhance security-critical components within our systems as a part of our development team
• Ensure security is embedded throughout the entire SDLC, collaborating closely with developers, product owners, and project managers
• Continuously improve and maintain a high level of application security, identifying and mitigating potential risks
• Provide guidance and training to developers on security best practices and maintain comprehensive security documentation
• Define, monitor, and optimize security metrics to assess and enhance overall security posture
• Conduct security assessments, incl. penetration testing and vulnerability analyses, to identify and address weaknesses

• Degree in Computer Science resp. a related field, or equivalent practical experience
• Proven know-how in web application development, incl. secure implementation practices
• Hands-on experience with Java and JavaScript, incl. common frameworks
• Professional experience in web application security, secure SDLC practices, or security testing
• Strong understanding of REST, microservices, relational databases, and NoSQL, incl. their strengths and limitations
• Profound knowledge of OWASP Top 10 and best practices to mitigate common security risks
• Familiarity with cloud services (AWS experience beneficial)
• Experience with monitoring and security tools (e.g., Prometheus, Grafana, Wazuh), automation tools (e.g., Ansible, Terraform, Pulumi), and security methodologies (e.g., Threat Modeling, SAST, SCA) highly advantageous but not mandatory – curiosity and willingness to dive into security topics essential
• Good English language skills (written and spoken); willingness to improve and apply German language skills
• Strong communication skills as well as the ability to convey complex security concepts clearly
• Commitment to continuous learning and professional development

• Betriebliche Altersversorgung
• Corporate-Benefits-Programm
• Bezuschusste Mensa
• Extraurlaubstage für besondere Anlässe
• Flexible Arbeitszeiten
• Sehr gute Verkehrsanbindung
• Sport- und Fitnessangebote
• Möglichkeiten zur Weiterbildung und beruflichen Entwicklung
• Vergünstigtes Deutschlandticket