Job Drop BerlinYOUR WAY INTO BERLIN TECH
NewsletterLinkedIn
AboutTermsImpressumPrivacy

Software Security Engineer - Senior/Staff

EEnpal
Seniority
Senior
Model
Hybrid
Sector
Climate tech
Salary
Undisclosed
Contract
Full-Time

As a Staff Application Security Engineer, you will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC). You will work closely with development, product, and DevOps teams to embed security practices, conduct threat modeling, and lead secure code reviews.

What you'll do

  • Partner with software engineering and product teams to embed security across all stages of the SDLC (design, development, testing, deployment)
  • Lead threat modeling sessions, drive secure design and code reviews, and perform application-level risk assessments
  • Serve as a hands-on security advisor to developers by offering training, guidance, and support on secure software development practices and security champions development
  • Define, maintain, and enforce secure coding standards, guidelines, and reusable security patterns across development teams
  • Adopt Shift-Left and Zero-Trust approaches to emphasize proactive and continuous security measures

What you'll need

  • Minimum 5 years of experience in application security, with a strong understanding of secure coding practices and application security vulnerabilities (OWASP Top 10, ASVS, MSVS)
  • Hands-on experience embedding security throughout the entire software development lifecycle - from design and coding to integration and deployment
  • Hands-on experience with threat modelling approaches STRIDE, PASTA, DREAD and supporting tools
  • Proficiency in multiple programming languages; .Net is a plus
  • Knowledge of cloud computing platforms; Azure is a plus
  • Experience with security tooling and automation across domains like SAST, SCA, DAST
  • Experience identifying and addressing security flaws in APIs and applications, with a solid understanding of OWASP principles
  • Fluent English, spoken and written

Nice to have

  • Relevant certifications: CSSLP, OSCP, OSWA
  • Knowledge of German

What they offer

  • Hybrid working model
  • Modern office in Berlin-Friedrichshain with ping-pong table, yoga corner, roof terrace, and stocked drinks fridges
  • Monthly all-hands meetings and Lunch & Learn sessions
  • Team events and strong team culture
  • Feedback culture with Culture Amp tool
APPLY →