Software Security Architect (all genders)

Full Time
Munich, Germany
8 months ago
Who we are

Welcome to one of Europe’s most exciting New Space companies, creating the world's first fully connected mesh network in the sky. We are an international team of experts and engineers who have spent their careers expanding the boundaries and potential of space, now united in pursuit of a single vision. We value trust, open communication and collaboration to achieve the best results together. Now we are looking for the best talents for our locations in Munich and Berlin to help us make our vision come true.

Your mission

As Software Security Architect you will be responsible for defining, documenting and managing the application of policies, best practices and processes related to software security for the OuterNET™, both for in-house and externally developed software. As such, you will work in close collaboration with the Software Team, as well as with the Security Architects.

In more detail, the job encompasses the following tasks:

Security Policies:

  • Establish a code of conduct that includes security awareness and compliance requirements for developers 
  • Define access controls to restrict access to sensitive code repositories and development environments 
  • Clearly define how sensitive data is handled throughout the development process and establish guidelines for data encryption and protection 
  • Develop an incident response plan outlining the steps to be taken in case of a security incident during development 
Best Practices:
  • Adopt secure coding standards (e.g. OWASP), to minimize vulnerabilities in the code 
  • Implement regular code reviews to identify and address security issues early in the development process 
  • Regularly scan and update third-party dependencies to address known vulnerabilities and security patches 
  • Ensure strong authentication and authorization mechanisms are implemented in the SW to control access to systems and data 
  • Ensure that the principle of least privilege is applied in the development environment  
  • Identify vulnerabilities and propose remediation actions at different stages of development (e.g. by ensuring both static and dynamic code analysis are conducted) 
  • Define all relevant security aspects and build them into the DevOps pipeline to automate security testing and ensure continuous security monitoring throughout the development lifecycle
  • Provide regular security training for developers to keep them informed about the latest security threats, best practices, and compliance requirements 
  • Ensure that configurations for servers, databases, and other components are securely managed and regularly audited 
Processes:
  • Incorporate threat modeling into the design phase to identify potential security risks and design countermeasures accordingly 
  • Implement a robust vulnerability management process to identify, prioritize, and remediate security vulnerabilities promptly 
  • Develop a secure release management process to ensure that only thoroughly tested and secure code is deployed to production 
  • Implement continuous monitoring to detect and respond to security incidents in real-time 
  • Conduct regular compliance audits to ensure that development processes align with industry regulations and organizational security policies 

What you bring to the table

  • Successfully completed a degree in Computer Science, Cyber Security, or similar 
  • 8+ years of experience in the field of Cyber Security, Information Security, IT security or similar 
  • 5+ years of experience in the area of software security 
  • Solid knowledge of software development methodologies, with strong emphasis on security, such as Agile, DevSecOps, CI/CD, Capability Maturity Model (SW-CMM), OWASP Software Assurance Maturity Model (SAMM), OWASP DevSecOps Maturity Model (DSOMM), etc. 
  • Familiarity with programming tools and toolsets, such as compatibility analysis tools, build tools, code coverage, static code analysis tools, etc. 
  • Experience with source code analysis tools, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Runtime Application Security Testing (RASP), etc. 
  • Experience in software assurance, including configuration management, acceptance testing, regression testing, security assessment testing, testing and evaluation of security controls
  • Solid knowledge of widely accepted Cyber Security Frameworks, such as NIST CSF and RMF, ISO 27000+, etc. 
  • Excellent written and spoken English

Why you should join us

We are an international team of space enthusiasts, following one great vision. We value trust, open communication and collaboration. We value equality in our work environment where different opinions, backgrounds and experiences are not only welcomed but also necessary to achieve the best result collaboratively.

This permanent position was created recently and thus offers a lot of creative freedom. Our approach is to create a modern work environment with a hybrid working model. We offer an attractive salary depending on your experience.

Rivada Space Networks is an equal opportunity employer with the approach to create a diverse and inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability, or other characteristics.