ISCC – the International Sustainability and Carbon Certification

• Conduct of on-site and remote Integrity Assessments and associated travel activities in coordination with the ISCC office in Cologne • Preparation and coordination of schedules/audit plans for Integrity Assessments • Conduct of ISCC Integrity Assessments at certified companies and certification bodies (CBs) and witness audits on CB auditors with a regional focus on Europe according to the ISCC standards in diverse markets: Covering diverse certification scopes such as points of origin and collecting points for waste and residues (used cooking oil, palm oil mill effluent, brown grease/grease trap fat), farms/plantations, traders, and processing facilities • Verification of incoming and outgoing traceability documents, mass balances, and other relevant sustainability criteria covered under the ISCC standards • Special focus might be put on social issues in the context of human rights (e.g. fair and safe working conditions) and the conservation of natural resources/biodiversity • Compilation of Integrity Assessment Reports • Contribution to the continuous development of the ISCC System and the ISCC Integrity Programme

• You will be writing YAML, configuring tools, and committing code • SAST – Static Application Security Testing - Integrate SonarQube into GitHub Actions for code quality and security scanning • Configure quality gates and security rules for Python, R, and PHP codebases • Set up branch analysis and PR decoration • Implement Snyk for dependency vulnerability scanning in CI pipelines • Configure Snyk for Python, R, and PHP projects • Set up automated fix PRs and vulnerability tracking • Integrate Snyk with GitHub for continuous monitoring • Configure AWS ECR Enhanced Scanning for container images • Set up ECR scan-on-push and findings routing to Security Hub • Create Dockerfile security best practices and base image guidelines • Configure GitHub secret scanning and push protection • Implement pre-commit hooks • Set up AWS Secrets Manager integration patterns for applications • Create security gates that block deployments on critical/high findings • Configure severity thresholds and exception workflows • Document all configurations for ISO 27001 audit evidence