Job Drop BerlinYOUR WAY INTO BERLIN TECH
POST A JOBSAVED JOBSMEET A STARTUPREADSUBSCRIBE
NewsletterLinkedIn
AboutTermsImpressumPrivacy

Software Security Engineer - Senior/Staff

EEnpal
Seniority
Senior
Model
Hybrid
Sector
Climate tech
Salary
Undisclosed
Contract
Full-Time

About the role

As a Staff Application Security Engineer, you will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC). You will work closely with development, product, and DevOps teams to embed security practices, conduct threat modeling, and lead secure code reviews.

What you'll do

  • Partner with software engineering and product teams to embed security across all stages of the SDLC (design, development, testing, deployment).
  • Lead threat modeling sessions, drive secure design and code reviews, and perform application-level risk assessments.
  • Serve as a hands-on security advisor to developers by offering training, guidance, and support on secure software development practices and security champions development.
  • Define, maintain, and enforce secure coding standards, guidelines, and reusable security patterns across development teams.
  • Adopt Shift-Left and Zero-Trust approaches to emphasize proactive and continuous security measures.

What you'll need

  • Minimum of 5 years of experience in application security, with a strong understanding of secure coding practices and application security vulnerabilities (OWASP Top 10, ASVS, MSVS).
  • Hands-on experience embedding security throughout the entire software development lifecycle - from design and coding to integration and deployment.
  • Hands-on experience with threat modelling approaches STRIDE, PASTA, DREAD and supporting tools, like TMT, IriusRisk, etc.
  • Proficiency in multiple programming languages; .Net is a plus.
  • Knowledge of cloud computing platforms; Azure is a plus.
  • Experience with security tooling and automation across domains like SAST, SCA, DAST.
  • Experience identifying and addressing security flaws in APIs and applications, with a solid understanding of OWASP principles.
  • Clear communication in English, spoken and written.

Nice to have

  • Relevant certifications: CSSLP, OSCP, OSWA.
  • Knowledge of German.

What they offer

  • Hybrid working model in Berlin-Friedrichshain office.
  • Modern office with ping-pong table, yoga corner, roof terrace, and stocked drinks fridges.
  • Monthly all-hands meetings and Lunch & Learn sessions.
  • Team events and strong feedback culture via Culture Amp.
APPLY →