Job description:
We are currently looking for an IT security architect (m/f/d) for a public-sector customer.
IMPORTANT: For this position, willingness to undergo an SÜ2 (sabotage protection) is required. In addition, the customer requires a free integration of approx. 10% of the order sum (about 80 hours).
For this position we can offer a maximum net hourly rate of 90,00 € for both on-site and remote work.
Duration: asap - 31.10.2026
Capacity: 80% - 100%
Location: 85% Remote, 15% Nuremberg
Skills:
1. Application server (Oracle WebLogic, Payara, Quarkus)
2. JavaScript Framework
3. Integration architectures (web services, REST, messaging)
4. Threat analysis
5. Security architectures
6. Security requirements according to OWASP
7. SAML, SSO, OpenID Connect
8. Auditing and logging
9. Java EE / EJB / Servlets
10. Multi-layer applications
11. Design & Modeling of SW (OOA / OOD, UML)
12. Portal architectures
13. EJB container, application server (Oracle WebLogic, Payara)
14. Web Framework (e.g. JSF)
15. JavaScript Framework
16. Common Java Tools (Eclipse, JDeveloper, Ant, Maven, JUnit, Hudson / Jenkins)
17. RDBMS (Oracle, MS SQL Server) and NoSQL DBs
18. Test concepts (unit test, performance test)
19. Integration architectures (ESB, web services, REST, messaging)
20. Several operating systems (UNIX, Linux, Windows)
21. Cryptography
22. OpenSAMM as a process model
23. Threat analysis
24. Security architectures
25. Secure Design Pattern
26. Secure Design Principles
27. Security requirements according to OWASP
28. Testing software for security
29. Security metrics
30. SAML, SSO, OpenID Connect
31. User and session management
32. Auditing and logging
Tasks:
1. Contact for all security issues in the project
2. Advice on security methods (e.g. threat analyses, ISMS)
3. Coordination of relevant security activities (PenTests, Security Tests, Security Code Reviews)
4. Monitoring of production-related acceptances and releases
5. Support of the components BIO and BDD
6. Creation of the list of threats
7. Creation of the bSiKo (basic security concept)
8. Creation of the vSiKo (deep security concept)
9. Creation of further IT security relevant documents
10. Assessment and evaluation of security risks
11. Analysis and evaluation of the results of security tests
12. Assessment of the security relevance of backlog items
13. Derivation of security measures for implementation teams
14. Definition of security-related tasks for development teams
15. Participation in Scrum Events
16. Execution of own security- repayments if necessary
17. Coordination with the technical product owner
18. Cooperation with relevant roles in the DevSecOps context
Background:
With the 8th SGB-IV Amendment Act, the legislator aims to digitize processes and thus support the reduction of bureaucracy in the social security reporting process. For the employment companies under § 18i SGB IV, it was established by law that all feedback to the employer (AG) should be made in electronic form. In this context, the project aims to create digital processes that at the same time add value to the quality of the operational data. In addition to the electronic storage confirmation sent to the employer, the project also makes it possible for the employees of the operating number service (BNS) of the Federal Agency to send quality information to the employer, and for quality information from the German Legal Accident Insurance (DGUV) to be forwarded to the employer. This is expected to increase the data quality of the operational data. In the Federal Agency, this better data situation benefits not only the employees of the BNS, but also other departments that work with operational data.