Security Software Engineer

Overview

CHAMP Cargosystems provides the most comprehensive range of integrated IT solutions and distribution services for the air cargo transport chain. Our portfolio spans core management systems, messaging services, and eCargo solutions. These include applications designed to meet customs and security requirements, quality optimization, as well as e-freight and mobility needs. Our products and services are recognized globally under the Cargospot and Traxon brands.

We serve over 200 airlines and GSAs, connecting them with approximately 3,000 forwarders and GHAs worldwide. Our solutions help customers, and their clients, adapt to the critical and ongoing changes in air transport logistics and meet the demands of global trade.

Headquartered in Luxembourg, CHAMP Cargosystems operates offices in Reading UK, Zurich, Frankfurt, Manila, Singapore, and Atlanta.

We are looking for a Security Software Engineer to join our Security & GRC team.

The role will be reporting to the Security Architect.

Responsibilities :

We are looking for a motivated Software Developer who is looking to transition into a security-focused role and join our Product Security Team. As a Security Software Engineer, you will leverage your background in software development (primarily Java-based web applications) to identify, remediate, and prevent vulnerabilities in our SaaS products. You will play a key role in embedding security into our agile development lifecycle, working closely with developers, product owners, and external penetration testers.

Ø Vulnerability Remediation

• Analyze penetration testing reports and remediate vulnerabilities in application code.
• Collaborate with developers to implement secure fixes and improve coding practices.
• Act as a bridge between external security experts and internal development teams.

Ø Offensive Security & Testing

• Build skills in penetration testing and ethical hacking, focusing on web applications and APIs.
• Contribute to regular security assessments integrated into CI/CD pipelines.
• Participate in threat modeling exercises and simulate attacker techniques.

Ø Secure Development Governance

• Help define and enforce secure coding standards for Java and web application development.
• Propose secure code libraries and reusable components to accelerate secure development.
• Support the integration of security requirements into user stories and agile sprints.

Ø Tooling & Automation

• Assist in configuring SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) solutions.
• Contribute to building unit test frameworks with embedded security checks.
• Support automation of security testing in CI/CD pipelines.

Ø Education & Enablement

• Act as a security champion within development squads, promoting secure coding practices.
• Share knowledge with peers on threat modeling, secure design, and vulnerability prevention.
• Grow into a role where you can conduct independent penetration testing and expand scope to infrastructure security.

Knowledge, Skills and Abilities :

Ø Background in software development, ideally with experience in Java web applications.

Ø Familiarity with agile/SCRUM methodology and CI/CD pipelines.

Ø Strong interest in transitioning into application security and penetration testing.

Ø Analytical mindset with problem-solving skills and attention to detail.

Ø Excellent communication skills to collaborate with developers, product owners, and security specialists.

Education and Experience :

Ø Bachelor’s or Master’s degree in Software Engineering, Cybersecurity, or related field.

Ø 4-6 years of experience in software development with hands-on exposure to Java web applications.

Ø Exposure to security testing tools (SAST, DAST, vulnerability scanners).

Ø Knowledge of secure coding practices and common web application vulnerabilities (OWASP Top 10, CWE/SANS Top 25, STRIDE).

Ø Interest in pursuing certifications such as OSCP, CSSLP, or CISSP.

The selected candidate may be subject to the provision of an up-to-date (not older than 3 months) criminal record certificate.

Security: the successful candidate will have to comply with CHAMP Security Requirements (including but not limited to CHAMP’s IT Security Policies, especially the ISMS Policy and the Acceptable Use Policy, mandatory courses, confidentiality and data protection, use of company assets, and incident reporting).

CHAMP Cargosystems is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions are based on business needs, job requirements and individual qualifications, without regard to race, ethnic background, religion or belief, family or parental status, or any other status protected by the laws or regulations in the locations where we operate.

Please note that any personal data that you submit along with your application will be processed by CHAMP and may be processed by any of its global entities as necessary. These data will be treated in strict compliance with the applicable data protection legislation (i.e. the Law of 2 August 2002 on the protection of individuals with regard to the processing of personal data, as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, - the GDPR -, which entered into force on 25 May 2018, as well as any other subsequent regulation).Please follow the link to the CHAMP Candidates Privacy Notice for further information.