Lead Security Architect/CISO

The world is changing in the way we consume products, from ownership to usership, and DigitalRoute is positioned in the centre of the transition. Because, when enterprises pivot to usage-based business models, they often make an unfortunate discovery. Their systems weren’t built to handle the massive data volumes and complexity that usage-based models generate. This causes them to leak revenue and respond too slowly to customer demand. DigitalRoute solves this by creating a real-time usage data layer for enterprises. Our products transform raw usage data into clear information for billing, in real time and at high scale.

We are looking for a passionate security professional to join our company and instrument the transition to a true SaaS-organization. We have a variety of interesting tasks to solve in different security domains – from classic cybersecurity (InfoSec) to product security architecture (AppSec) and automation (DevSecOps). Also, we keep a very open mind – the main criterion for this role is to deliver value and continuously improve DR’s security posture on an intense cloud journey.

What you'll do

As Lead Security Architect/CISO you will be our main expert in software security topics at DigitalRoute, with three core areas of responsibility

• Ensuring DigitalRoute delivers software and services that are secure and guarantee data privacy without sacrificing usability. You will be working with product architects, developers and service leaders to architect and build current and future products that are secure by design. (AppSec)
• With our DevOps and SRE teams, you will introduce, integrate and adjust security tools, checks and tests – all as part of CI/CD, continuously scanning code for issues and vulnerabilities. (DevSecOps)
• You will play a key role in maintaining, renewing and improving our security according to ISO27001, ISO9001 and SOC2 standard certifications. As the most senior security expert at DigitalRoute you will also be holding the title of Chief Information Security Officer, consulting with our Compliance Manager and Head of Internal IT on security topics. (InfoSec)

You do not have to be equally skilled in all three areas – the most important is being curious and willing to learn and master these domains.

What you'll bring

• Experience working as a security architect, InfoSec consultant, CISO or other security-focused role is an advantage.
• Deep understanding of key security concepts – from encryption algorithms to incident response procedures.
• MSc. in computer science, or Information Security, or equivalency of education and work experience is desired.
• Structure, persistence, planning skills including natural aptitude to enthuse and engage people and share knowledge.
• Ability to explain complex concepts in simple terms and talk to various audiences – from developers to executive leadership.
• Be brave to challenge the status quo and able to identify opportunities for improvement, get the teams on-board and oversee the execution.
• Lead by example and stay close to teams, problems and solutions.

Further we believe you to have experience in at least one of the following security tracks. We acknowledge that the three tracks are hard to master at the same time – if you feel you fit at least one of them well and are interested in other ones, do not hesitate to apply.

AppSec track:

• Experience in building and running cloud-native products, forklifting and refactoring on-prem products for SaaS (K8S, microservices, AWS/Azure/GCP).
• Hands-on development or scripting experience (I.e. Java, JavaScript, bash), being able to read and understand the code flows and secure the product.
• Knowledge and know-how in threat modeling, security design, code review, security testing.

DevSecOps track:

• Experience working with SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and SCA (Software Composition Analysis) tools.
• Understanding how to make the tools an integral part of the development lifecycle and ensure the quick feedback loop for all findings.
• Knowledge of modern build and delivery systems and tools for both on-prem and cloud (I.e. Jenkins, ArgoCD, Github Actions, helm, Terraform)

InfoSec track:

• Good knowledge of ISO27001 and/or SOC 2 standards and controls, participation in previous audits.
• Experience in building lightweight yet effective processes that ensure security for the entire organization.
• Ability to set a strategic direction, identify key initiatives and drive their execution in the security domain.