Job description:
For a public-sector customer we are currently looking for an IT security architect (m/f/d).
IMPORTANT: For this position, willingness to undergo an SÜ2 (sabotage protection) is required. In addition, the customer requires a free integration of approx. 10% of the order sum (about 80 hours).
For this position we can offer a maximum net hourly rate of 96,00 € for on-site and remote work.
Duration: asap - 31.10.2026
Capacity: 80% - 100% (about 1500 hours)
Location: 85% remote | 15% Nuremberg
The main task is to determine the protection needs.
Skills:
Application server (Oracle WebLogic, Payara, Quarkus)
JavaScript Framework
Integration architectures (web services, REST, messaging)
Threat analysis
Security architectures
Security requirements according to OWASP
SAML, SSO, OpenID Connect
Auditing and logging
Java EE / EJB / Servlets
Multi-layer applications
Design & modeling of software (OOA / OOD, UML)
Portal architectures
EJB container, application server (Oracle WebLogic, Payara)
Web Framework (e.g. JSF)
JavaScript Framework
Common Java tools (Eclipse, JDeveloper, Ant, Maven, JUnit, Hudson / Jenkins)
RDBMS (Oracle, MS SQL Server) and NoSQL databases
Test concepts (unit test, performance test)
Integration architectures (ESB, web services, REST, messaging)
multiple operating systems (UNIX, Linux, Windows)
Cryptography
OpenSAMM as a process model
Threat analysis
Security architectures
Secure design patterns
Secure design principles
Security requirements according to OWASP
Testing software for security
Security metrics
SAML, SSO, OpenID Connect
User and session management
Auditing and logging
Tasks:
Contact for all security issues in the project
Advice on security methods (e.g. threat analyses, ISMS)
Coordination of relevant security activities (PenTests, Security Tests, Security Code Reviews)
Monitoring of production-related acceptances and releases
Support of the components BIO and BDD
Creation of the list of threats
Creation of the bSiKo (basic security concept)
Creation of the vSiKo (deep security concept)
Creation of further IT-security-relevant documents
Assessment and evaluation of security risks
Analysis and evaluation of the results of security tests
Assessment of the security relevance of backlog items
Derivation of security measures for implementation teams
Definition of security-related tasks for development teams
Participation in Scrum Events
Execution of own security- repayments if necessary
Coordination with the technical product owner
Cooperation with relevant roles in the DevSecOps context
Background:
With the 8th SGB-IV Amendment Act, the legislator aims to digitize processes and thereby support the reduction of bureaucracy in the social security reporting process. For the employment companies under § 18i SGB IV, it was established by law that all feedback to the employer (AG) should be made in electronic form. In this context, the project aims to create digital processes that at the same time add value to the quality of the operational data. In addition to the electronic storage confirmation sent to the employer, it also becomes possible for the employees of the operating number service (BNS) of the Federal Agency to send quality information to the employer, and for quality information from the German Legal Accident Insurance (DGUV) to be forwarded to the employer. This is expected to increase the data quality of the operational data. In the Federal Agency, this better data situation benefits not only the employees of the BNS, but also other departments that work with operational data.