This is a fully remote position, open to applicants in Germany.

• Play a pivotal role in enhancing and evolving our application security program.

• Develop secure development standards and integrate security throughout the Software Development Life Cycle (SDLC).

• Collaborate closely with development, DevOps, and DevSecOps teams to ensure seamless security integration.

• Manage vulnerabilities by ensuring systems are regularly patched and secure.

• Review open-source code for security vulnerabilities (OSA / SCA).

• Conduct and enhance code security assessments.

• Strengthen API security (REST, GraphQL).

• Perform threat modeling (STRIDE, PASTA, etc.) for new features.

• Initiate and oversee the bug bounty program!

• Establish a "Security Champions" program throughout the engineering teams.

• Collaborate with external teams on penetration testing.

• Disseminate your security expertise to all team members.

• A minimum of 5 years of experience in AppSec or a comparable security position.

• Proficient with SAST/DAST/IAST/RASP tools—particularly Snyk and/or Acunetix.

• Practical experience in vulnerability management and threat modeling (STRIDE, PASTA).

• Experience in launching or overseeing a bug bounty program.

• Familiarity with pentesting or collaborating closely with pentesting teams.

• Strong understanding of OWASP standards (ASVS, WSTG, etc.) and SSDLC principles.

• Proficient in API security (REST, GraphQL).

• Capable of reading and understanding code in PHP, JS, Go, C#, and C++ (with particular emphasis on Unity for desktop/mobile).

• Comprehensive knowledge in both application and infrastructure security.

• Fully Remote.

• High Flexibility.

• Employee-Focused Culture.

• Innovative and Collaborative Team.

• Excellent Working Conditions.

Senior Application Security Engineer

People also viewed