Mechanical engineer vacatures in Berlin

Improve our product security focusing on cyber security and information security resilience in respectively products and product intellectual property.

De functie

Changing threat and risk horizons require us to further improve on product security focusing on cyber security and information security resilience in respectively products and product intellectual property.

The Security Domain Architect is responsible for:

• Development, maintenance, and improvement of the cross-product security reference architecture in close cooperation with the product security focus group lead/ enterprise product security architect;
• Development, maintenance, and improvement of product security design patterns and integration of these in business/ product development processes;
• Alignment of cross-product security reference architecture with product security risk management framework;
• Execute product security control and risk assessments and drive mitigation in product development processes;
• Execution and coordination in product security incident and exception management processes;
• Capable to design and to support in design of solution architecture -including technical and operational aspects- for product security services;
• Support business line programs, product architects, and engineers in solution architecture, design and implementation of security requirements in products and services;
• Provide and contribute to security awareness trainings for specialized topics such as secure software development.
• Contribute to the development of product security policies, standards, benchmarks, and guidelines;
• Contribute to the development of product security means and methods such as assessment tooling;
• Contribute to the maturity of the product security technical competence;
• Remain oversight, manage dependencies and integration aspects, and assure cross-product security architecture is consistent across product security services.

Over het bedrijf ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth. ASML is headquartered in Veldhoven, the Netherlands. Aanbod

You will be employed by YER and seconded to our client. The offer includes:

• Good employee benefits
• Challenging assignments
• Excellent guidance from your consultant and YER's back office
• Development opportunities, including the YER Talent Development Programme with a personal coach
• Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
• Cooperative and results and relationship-driven
• Friendly atmosphere and open culture
• Community/network with other technology professionals from a variety of multinationals
• Events and master classes with interesting speakers and attractive companies

Jouw profiel

Education

Bachelor/ master degree or equivalent combination of education and experience.

Experience

• Minimum of 10 years of relevant experience in IT security, OT security, Cyber Security;
• Proven strong IT and software architecture knowledge and background;
• Proven experience with risk management frameworks such as ISO 27001;
• Vendor agnostic expertise of IT/ software architecture;
• Proven up-to-date experience with vulnerability scanning and/ or penetration testing;
• Knowledge of open source software;
• Experience in Linux (RHEL-based) environments;
• Proven experience in security software development and secure programming (Java, Python, Golang)
• Knowledge of Securing Cloud Solutions such as GCP, Azure;
• Knowledge of virtualization and containerization technologies such as Kubernetes, VMware, and Docker.
• Monitoring tools: Splunk ITSI, Enterprise Security, Observability Suite, Phantom, Cribl;
• HashiCorp: Vault, Boundary, Consul, Terraform, Waypoint;
• Pre: Experience with certificates and encryption techniques.
• Generic security certifications like CISSP, and CISM;
• Specialized security architecture certifications like TOGAF9, SABSA, CISSP-ISSAP, and GDSA.

Personal skills

• Skill to lead, influence, and negotiate without authority;
• An business enabling security attitude in opposite to a business disabling one;
• Strong analytical skills in combination with common sense;
• Ability to translate risks, threats, and vulnerabilities to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite;
• Pro-active and self-motivated attitude;
• Political aware and sensitive;
• Fluent English (written and verbal);
• Team player;
• Strong communication and presentation skills;
• Drive to retrieve the root cause of the problem.