IT Security Tech Lead

Who we are:

SimCorp offers an award-winning integrated investment management platform.

Our platform and ecosystem, which comprises partners, services, and third-party connectivity, empowers us to provide 40 percent of the world’s top 100 financial companies with the efficiency and flexibility needed to succeed. SimCorp provides clients with a full front-to-back-offering, whether through a SaaS (software as a service) platform or as an on-premise solution. Globally, we support clients, ranging from central banks and sovereign wealth funds to pension and insurance funds, asset managers, fund managers, asset servicers, and wealth managers.

As a global provider of Software-as-a-Service (SaaS) investment management solutions, SimCorp supports clients 24/7 through delivery centers around the world. Our Global Delivery Centers are located in Manila in the Philippines, Noida in India, Kyiv in Ukraine, Warsaw in Poland, and in Mexico City, Mexico.

Since its foundation in 1971, SimCorp has worked closely with the investment industry to develop a world-class platform. Today, SimCorp is a subsidiary of the Deutsche Börse Group and is headquartered in Copenhagen, Denmark. The combined company employs over 2,800 people globally, spanning more than 30 offices worldwide.

Platform leadership, SaaS acceleration and Ecosystem scaling are the 3 growth levers of SimCorp 2025 strategy and PaaS Operations plays a crucial role in this transformation journey by delivering excellence in client services by delivering a reliable, predictable, cost-effective operations service. As a platform and technology operations team, we also aspire to execute acceleration in standard processes to assist in the growth and efficiency of SimCorp’s SaaS business.

Why is this role important to us:

At SimCorp, we view security as a mandatory capability of any work process involved in software development and operation. Those capabilities are constantly evaluated and improved to meet ever-increasing demands. Join our security team and support us in continuously improving all aspects of providing secure software solutions and services.

As the Security TechLead, you will support a development department of 900 people improving our secure software development life cycle across products and services. You will be part of a team that engages in both secure design and process development.

We are hiring into a broad area of responsibilities where we can and will design a job according to your profile and interests.

For instance, you can focus on technical design and quality assurance. This includes security testing, penetration testing, secure design, secure standards, and threat modeling. You can also focus on process and policy management including risk assessment in case your interests are more on the governance side.

What you will be responsible for:

In this dynamic role, you will be at the forefront of defending our digital landscape, shaping security protocols that are critical to our infrastructure's integrity and resilience. Here's how you'll make a difference:

• Cybersecurity Mastery: Utilize your expertise with tools like Azure, Defender for Cloud, and Sentinel to enhance our security frameworks.
• Strategic Security Leadership: Develop and implement security strategies that align with our business objectives, ensuring the safety and compliance of our operations.
• Innovative Problem Solving: Spearhead initiatives to mitigate risks associated with cyber threats, including ransomware through innovative security solutions.
• Stakeholder Engagement: Work closely with IT and engineering teams to integrate security practices seamlessly into our development and operational workflows.
• Continuous Improvement: Drive continuous enhancements in our security measures, staying ahead of potential threats and maintaining compliance with industry standards.

Your role will be crucial in ensuring that SimCorp remains a secure, innovative leader in financial services, directly contributing to our strategic objectives and long-term success.

Your Background Could Include

To ensure success in this role, possessing one or more of the following skills will be highly beneficial:

• Offensive Security Techniques: Proficiency in ethical hacking, penetration testing, and red team exercises to proactively identify and address vulnerabilities.
• Engineering Expertise in Secure Software Development: A background as an engineer with a focus on secure software development, incorporating secure SDLC practices to ensure that all software is built with security integrated from the ground up.
• Platform Engineering and Automation Proficiency: Experience in platform engineering, including infrastructure management and automation, ensuring efficient and secure deployment of cloud-based services.
• Security Compliance Expertise: Familiarity with industry standards such as GDPR, SOC 2, or ISO, and experience in implementing compliance measures.
• Threat Modeling and Risk Analysis: Skills in conducting thorough threat models and risk analyses to effectively forecast potential security issues and strategize appropriate defenses.

 What you will be responsible for (depending on your interest):

• Acting as a technical lead and subject matter expert for our secure application code development, cloud-based infrastructure, and network security.
• Promoting and assisting in reviewing code to enforce security, which includes reviewing pull requests and providing guidance to development teams.
• Constantly re-evaluating threat models for our application and infrastructure as we rapidly scale our offering, identifying security issues.
• Developing technical solutions to help mitigate security vulnerabilities, evaluate, implement, and support security-focused tools and services.
• Participation in enhancing a security strategy focusing on cloud-based infrastructure, networks, and applications, supporting security certifications and audits.
• Developing security requirements through designing and building prototypes or proofs of concept.
• Participating in building scalable detection systems and security-focused telemetry tools.
• Working directly with development teams to establish and enforce security best practices, process improvements and effective security controls for new and existing products.

What we value:

• Significant experience in secure software development and architecture in two or more languages.
• Relevant experience as a Security Engineer - building security into a SaaS delivery pipeline.
• Significant experience in application-level vulnerability testing, e.g., Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, and Insecure Cryptographic Storage.
• Experience with code-level security auditing and automated static code analysis from a secure software development point of view.
• Experience with common vulnerability scanning and reporting tools, e.g., SonarQube, Mend, Black Duck.
• Knowledge of a broad range of attack vectors and exploits, e.g., API, OS, database, network, and Front End.
• Knowledge of cloud computing services, deployment architecture, cloud operations (we use Azure), security, automation, and orchestration.
• Knowledge of cybersecurity frameworks and related industry practices such as NIST, FFIEC, and OWASP.
• Experience in performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies

Next Steps:

Please click the “Apply” button to learn more about the vacancy and what SimCorp has to offer regarding salary, benefits, and perks. Please note only applications sent through our system will be processed. Applications are continuously assessed, so please send your CV in English as soon as possible.

If you are interested in being part of SimCorp but are not sure this role is a suitable role, submit your CV anyway. SimCorp is on an exciting growth journey, and our Talent Acquisition Team is ready to assist you discover the right role for you. The approximate time to consider your CV is three weeks.

We are eager to continually improve our talent acquisition process and make everyone’s experience positive and valuable. Therefore, during the process we will ask you to provide your feedback, which is highly appreciated.

By Joining our team, you will have the chance to:

Become part of a thriving company comprising collaborative, curious, courageous, and capable employees

Explore a multitude of exciting learning and development opportunities, supported by our unique learning guild

Engage with highly skilled and welcoming colleagues, each bringing their diverse backgrounds and perspectives

Join a company that not only values but actively advocates for Diversity, Equity, and Inclusion, ensuring a truly inclusive and empowering environment

**SimCorp proudly announces the official certification of its Manila Delivery Center as a Great Place To Work, a remarkable achievement within just two and a half years of operations. This certification, which was acquired in November 2023, underscores SimCorp's commitment to nurturing a workplace that is not only inclusive and collaborative but also committed to the personal and professional growth of its employees.**

**We are also honored to have been voted as a WealthTech100 company for three consecutive years. The new WealthTech100 list aims to highlight tech innovation leaders in the investment management industry.**

#LI-Hybrid