Senior Application Security Engineer (d/f/m)

Acting as a trusted advisor to the engineering team to improve our security posture.

Designing, implementing, and maintaining security controls.

Performing code and configuration security reviews and advocating for secure coding practices to support an overall shift-left strategy.

Automating security checks and guardrails (SAST, DAST, and secret scanning) into CI/CD pipelines, promoting a true "security-as-code" methodology.

Partnering on vulnerability triage and driving remediation.

Performing and coordinating security tests and threat modeling around our product and the related infrastructure.

Translating security requirements into enforceable technical controls by automating evidence collection and configuring platform settings.

5+ years as a Security Engineer (or equivalent).

Experience within a high-growth SaaS, E-commerce, or Fintech environment.

Experience with both API and web security, potential attack vectors, and how to advocate for and implement scalable best practices.

Experience with diving deep into the business logic of a SaaS application to determine and verify attack vectors.

Proficiency in Terraform for securing infrastructure, combined with hands-on experience in integrating security testing.

Proficiency in at least one programming language for scripting, security tooling development, and automating GRC evidence collection.

A proven track record of driving security initiatives with a strong sense of ownership.

Preferred: Experience in a modern application tech stack including GCP, Golang, and TypeScript.

Preferred: Experience with PCI DSS script security.

Preferred: Experience in executing Red or Purple Team operations and advanced penetration testing, and the ability to effectively collaborate with development teams to drive the remediation of software vulnerabilities.

Bachelor's or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a closely related technical field.