Information Security Architect (CISSP or CSSLP Certification is Mandatory.)
 
1. Security Architecture2. Perform cyber architecture reviews in alignment with Daimler AG, IT Enterprise Architecture, IT Identity and Access Management and other relevant stakeholder requirements.
3. Leverage global tools and techniques to consistently capture, model and analyze security architecture options
4. Establish concepts for secure integration of systems/networks, ensuring end-to-end security for data flows.
5. Take part in projects to ensure the proposed/implemented architecture is in line with security requirements.
6. Contribute to business integrations after acquisitions/mergers to ensure these are commenced in line with security standards.
7. Review existing architectures to identify opportunities to incorporate innovative approaches including Cloud Security Architecture, Mobile Platforms and Secure Web Gateway (e.g. API Security).

- Threat modelling0. Work closely with the development teams to understand applications in depth to document the application details including the security architecture, attack surface, trust boundaries and data flows.
1. Develop Threat Models that enumerate cybersecurity threats by attack surface. Document and verify the existing security mitigations and identify if additional mitigations are required for our products.
2. Able to find risk based threats & articulate to business why this threat is a risk

- SAST (Static Application Security Testing)0. Experience with several programming languages like C#, Java, Python, JavaScript etc.
1. Reviewing application code against the secure coding baseline and practices
2. Experience on both commercial and open source tools Fortify, AppScan Source, CheckMarx
3. Vast experience in removing false positives & analyzing static scan reports from tools like CheckMarx, Appscan etc.

 
0. DAST (Dynamic Application Security Testing)
0. Experience in security tests on various software applications.
1. Experience in performing security tests on Network & its underlying Infrastructure
2. Keep up with the latest methods for ethical hacking and testing.
3. Assist development teams in understanding security issues, relevant risk levels and its likelihood.
4. Experience on both commercial and open source tools AppScan, BurpSuite, Kali Linux etc.
5. Ability to plan and create penetration methods, scripts and tests
6. Advise on methods to fix or lower security risks to systems
7. Consider the impact your 'attack' will have on the business and its users
8. Create reports and recommendations from your findings
9. Present your findings, risks and conclusions to both technical and non-technical audiences