Cloud Dev/Ops and Security Engineer (m/f/d)
- Full-time
Company Description
Develop cutting-edge solutions for product authentication! Are you a highly skilled and motivated cloud security engineer? Join Bosch Secure Authentication GmbH, a wholly-owned subsidiary of the Bosch Group, and contribute to the development of our advanced authentication technology. Our team is composed of dedicated and highly qualified developers who collaborate on challenging projects and consistently drive the research and application of forward-looking technologies. We offer a dynamic work environment where initiative is valued and you will have the opportunity to make a significant contribution to the company's success.
Find out more about our solutions: https://origify.de
Also check our applicant FAQ to find out more about BSAG and the conditions: FAQ
Job Description
As a Backend Developer and Cyber Security Engineer, you are a key person in our development team. You will be involved from development to deployment and maintenance. You are responsible for both the robust and scalable architecture of our backend systems and their implementation in an environment that meets current and future Cyber Security requirements.
Your contribution is crucial for the success of our products and the satisfaction of our users.
Your Responsibilities in CS:
- API Security: Design, implementation, and review of security mechanisms for our APIs (REST, GraphQL, etc.). This includes identifying vulnerabilities, defining best practices, and supporting the implementation of secure API gateways.
- Threat Modeling (TARA): Conducting Threat and Risk Analyses (TARA) for new and existing systems and applications to systematically identify and assess potential threats and vulnerabilities.
- OWASP Top 10: Application of the OWASP Top 10 and other OWASP projects for analyzing and remediating security vulnerabilities in our web applications and APIs.
- Security Reviews and Audits: Performing code reviews, architecture reviews, and penetration testing activities (internally or in collaboration with external partners) to identify and remediate vulnerabilities.
- Security Consulting: Advising and supporting development teams in implementing "Security by Design" principles and adhering to security guidelines.
- Incident Response: Support in analyzing and resolving security incidents.
- Documentation: Creation and maintenance of security concepts, policies, and technical documentation.
- Security Awareness: Contributing to increasing security awareness within the company through training and knowledge transfer.
Your Tasks in Backend:
- Backend Development: You develop robust, scalable, and secure backend services and APIs, using Python as your primary language.
- Database Management: You optimize database structures and ensure efficient data access.
- Asynchronous Communication: You manage message queues (e.g., with RabbitMQ) to ensure robust and scalable asynchronous communication between services.
- Code Quality & Tests: You write clean, maintainable code, conduct unit and integration tests, and ensure high code quality.
- Technology Evaluation: You evaluate new technologies and actively contribute to improving our technology stacks.
- Collaboration: You work closely with Product Managers and other developers.
- Deployment & Maintenance: You support the deployment and maintenance of our applications.
Qualifications
- Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology or equivalent professional experience.
- Professional Experience: At least 3 years of relevant professional experience in cybersecurity and backend development/operations, ideally with a focus on application security.
- API Security: Profound knowledge and practical experience in securing APIs, including authentication/authorization mechanisms (OAuth2, JWT), rate limiting, input validation, and protection against common API attacks.
- OWASP: Excellent knowledge of the OWASP Top 10 and other OWASP projects (e.g., OWASP ASVS, WSTG). Ability to practically apply these concepts and identify vulnerabilities.
- Threat Modeling: Practical experience in conducting Threat and Risk Analyses (TARA) or applying similar threat modeling frameworks.
- Programming Skills: Proficient programming skills in at least one common language (e.g., Python, Java) to conduct code reviews and understand security solutions.
- Network Knowledge: Solid understanding of network protocols (TCP/IP, HTTP/S) and their security aspects.
- Backend Expertise:
  - Excellent knowledge of Python with frameworks such as FastAPI.
  - Experience in developing and designing RESTful APIs.
  - Practical experience with message brokers, especially RabbitMQ.
- Databases:
  - Good knowledge of relational databases (e.g., PostgreSQL, MySQL, MS SQL Server) and/or NoSQL databases (e.g., MongoDB, Redis).
- Versioning & CI/CD: Proficiency in using Git and experience with CI/CD pipelines.
- Analytical Skills: Structured and analytical mindset to solve complex security problems.
- Communication Skills: Excellent communication skills to convey technical matters clearly and understandably to various stakeholders.
- Languages: Business-fluent German and English skills, both written and spoken.
- Team Player: You are a communicative team player who actively participates in discussions and collaborates effectively with colleagues.
Additional Information
Need further information about the job?
Oliver Steinbis (Functional Department)