Application Security

Job Introduction

The Frequentis Group is an international supplier of communication and information systems for control centres with safety-critical tasks. These 'Control Centre Solutions' are developed and distributed by Frequentis in the business segments Air Traffic Management (civil and military air traffic control, aeronautical information management, air defence) and Public Safety & Transport (police, fire and rescue services, emergency medical services, vessel traffic and railways). With headquarters in Vienna, the company employs more than 2300 people worldwide, with subsidiaries, regional offices and representatives in over 50 countries.

In Cluj we started in 2009 and our local team currently has 180+ colleagues and is growing. As part of our team, you will actively develop products in an international environment, where experienced people will help you further develop your skills and advance in your career.

Purpose of the Role
As a Application Security & DevSecOps Specialist within the System Security Competence Centre (SSCC) Core Team—you will be responsible for ensuring that system security standards are defined, maintained, and effectively applied to all Frequentis products and projects. Through close collaboration with project, product, and operational teams, the System Security Manager supports the consistent, efficient, and compliant integration of system security best practices across the organization.

Key Tasks

Governance & Compliance

• Maintain, improve, and enforce existing system security standards and requirements for all Frequentis products, projects, and services.
• Develop, maintain and distribute new system security requirements to ensure ongoing compliance with ISO/IEC 27001, NIS2, CIS Controls/Benchmarks, and industry best practices.
• Monitor relevant changes in international system security standards, legislation, and accreditations, ensuring Frequentis remains compliant.
• Ensure that non-conformities are tracked, documented, and improvements are addressed or residual risks are accepted.
• Support the certification and continuous improvement of Frequentis AG's ISMS.

Support, Guidance & Enablement

• Provide guidance and enablement to the Project Security Manager in Delivery, Security Champions in Development and collaborate closely with the security agents from the (Strategic) Business Units
• Conduct security risk assessments and evaluate vulnerability scans, reporting and communicating findings clearly to relevant stakeholders.
• Support the definition, implementation, and review of security concepts, risk assessments and technical security deliverables.
• Nice to have: Experience or knowledge of security tools (Static Application Security Testing (SAST) – SonarQube, Coverity, Software Composition Analysis (SCA) – BlackDuck, Dynamic Application Security Testing (DAST) – OWASP ZAP, Burp Suite Pro & Vulnerability Scanning – Nessus Pro)
• Secure Software Development Lifecycle (S-SDLC) Processes and principles e.g., OWASP SAMM

Security Testing & Assurance

• Coordinate and review penetration testing and vulnerability management activities for products.
• Lead or support security assessments (audits, reviews, tests) to ensure that Frequentis system security processes are applied and followed.

Training & Awareness

• Design and deliver security training programs and courses for Frequentis employees, fostering a culture of security awareness and best practice.
• Enable teams to integrate security into daily work through targeted enablement, coaching, and practical guidance.
• Organize and facilitate courses on a range of security technologies, standards, and practices, tailored to both technical and non-technical audiences.

Documentation & Continuous Improvement

• Own the definition and maintenance of the Frequentis System Security Standard, including policies, guidelines, processes, and baseline security requirements.
• Regularly review and update security documentation and templates to reflect evolving threats, technologies, and compliance requirements.
• Proactively identify areas for process optimization and drive improvements across system security processes.

Key Qualifications
Required Qualifications & Experience

• Education: Degree in Informatics, Computer Science, IT Security, or a related technical field (or equivalent experience).
• Experience: Several years in IT/Information Security with hands‑on DevSecOps/SDLC enablement and product security exposure.
• Standards/Regulation: Practical application of ISO/IEC 27001/2, NIS2; awareness of Cyber Resilience Act (CRA) for product organizations.
• AppSec & SDLC: Working knowledge of OWASP ASVS, OWASP Top 10, OWASP SAMM; experience with ASPM concepts and rollout.
• Tooling: Familiarity with SAST (SonarQube, Coverity), SCA (Black Duck), DAST (OWASP ZAP, Burp Suite Pro, Invicti/Netsparker); vulnerability scanning (e.g., Nessus Pro).
• Ways of Working: Strong communication and stakeholder management; ability to coach teams and drive adoption across global, cross‑functional environments.
• Language & Travel: Fluency in English; additional languages are a plus. Willingness to travel internationally (~20%).

Certifications (Nice to Have)

• CISSP, CSSLP, ISO Lead Implementer/Auditor), CompTIA Security+

Mindset & Competencies

• Proactive, self‑driven, and outcome‑oriented with high personal initiative.
• Analytical and pragmatic—able to solve complex security problems and facilitate risk‑based decisions.
• Team player with a coaching mindset and a passion for continuous improvement.

Our Values

Frequentis team is committed to creating a safer world with our innovative strength and technology orientation. At Frequentis Romania we are a family, while we value and work under a safety-critical mindset. We believe in courage and expertise, applied in everything we accomplish.

Benefits
We offer a range of benefits focused on work-life balance, professional development and flexibility.

PRIVATE MEDICAL SPORT LUNCH EXTRA EXTRA PUBLIC TRANSPORT

CERTIFICATIONS TRAININGS UNEQUAL WORK PRIVATE INSURANCE PACKAGE TICKETS VACATION DAYS WINTER HOLIDAY SUBSCRIPTION WORKING HOURS FROM HOME PENSION