A Moving Experience.
Job Description
- Perform design consultation, architecture review, threat modeling, code review, and testing.
- Drive the on-boarding of Cerence applications to ISO 21434.
- Educate application teams on application security requirements, threat and risk analysis processes, and secure SDLC.
- Identify security tools, support vendor selection, drive implementation and management system reporting.
- Lead application vulnerability assessments.
- Analyze output from security tooling and provide guidance to drive remediation.
- Assess SDLC processes and provide guidance on increasing security review coverage.
- Consult with development and QA staff to identify false positive root causes and prioritize remediation based on security scanning tools’ output.
- Perform tasks related to securing and maintaining the security of applications, tools, and processes.
- Work with internal QA teams to add security testing to their processes.
- Assist in the development of test cases, scripts, procedures, and tooling for QA security testing.
Prior Experience & Qualifications
- Threat Modeling (ISO 21434 compliant a bonus).
- Understanding and familiarity with common code review methods and standards.
- Knowledge of secure coding patterns and pitfalls in multiple languages (C, C++, Java, Python).
- Demonstrated experience providing security review of web applications, mobile applications, thick clients, web APIs (REST, SOAP), AuthZ/AuthN protocols and technologies, and cryptography.
- Experience with static analysis and dynamic analysis tools.
- Experience with offensive security tools and methodologies.
- Penetration testing experience, especially at the application level.
- Expertise with development and test toolsets (source code control, build systems, test automation, ticketing systems).
- Knowledge of OWASP tools and methodologies.
- Knowledge of modern SDLC practices and security touch points in Agile and DevOps.
- Experience with application security requirements of BSIMM, OpenSAMM, ISO 21434.
- 5 years of technical experience (coding, QA code troubleshooting).
- Experience making recommendations to remediate code defects.
- Experience in software engineering for the automotive industry a plus.
Cerence Inc. (Nasdaq: CRNC and www.cerence.com) is the global industry leader in creating unique, moving experiences for the automotive world. Spun out from Nuance in October 2019, Cerence is a new, independent company that has quickly gained traction as a leader in the automotive voice assistant space, working with all of the world’s leading automakers – from Ford and Fiat Chrysler to Daimler, Audi and BMW to Geely and SAIC – to transform how a car feels, responds and learns. Its track record is built on more than 20 years of industry experience and leadership and more than 325 million cars on the road today across more than 70 languages.
As Cerence looks to the future and continues an ambitious growth agenda, we need someone to join the team and help build the future of voice and AI in cars. This is an exciting opportunity to join Cerence’s passionate, dedicated, global team and be a part of meaningful innovation in a rapidly growing industry.
EQUAL OPPORTUNITY EMPLOYER
Cerence is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination on the basis of age, race, color, gender, gender identity, gender expression, sex, sex stereotyping, pregnancy, national origin, ancestry, religion, physical or mental disability, medical condition, marital status, citizenship status, sexual orientation, protected military or veteran status, genetic information and other protected classifications. Cerence Equal Employment Opportunity Policy Statement.
All prospective and current Employees need to remain vigilant when it comes to executing security policies in the workplace. This includes:
- Following workplace security protocols and training programs to familiarize with the ways to maintain a safe workplace.
- Following security procedures to report any suspicious activity.
- Having respect for corporate security procedures to allow those procedures to be effective.
- Adher