Staff Security Engineer (m,f,x)
HelloFresh
Seniority: Senior
Model: Hybrid
Sector:
Salary: Undisclosed
Contract: Full-Time
About the role
HelloFresh is looking for a Staff Security Engineer to join the Security Tribe and help shape the next generation of security capabilities at HelloFresh. This is a senior individual contributor role for someone who is deeply technical, pragmatic, and builder-minded. You will work across Cloud Security, Application & Product Security, Offensive Security, and GenAI Security, with a strong focus on creating scalable internal security products, paved roads, guardrails, and self-service capabilities for HelloFresh teams.
What you'll do
- Own and elevate secure design and architecture at scale across HelloFresh — championing a security-by-design culture by defining, driving, and embedding robust architectural patterns, reference designs, and guardrails that enable teams to build secure systems by default across the organization.
- Define and drive security architecture across cloud environments, with a strong focus on AWS, Kubernetes, IAM, network security, workload protection, secrets management, and secure-by-default infrastructure.
- Build and scale cloud security guardrails using automation, policy-as-code, Infrastructure as Code, and platform-native controls.
- Partner with engineering and product teams to embed security into the SDLC through threat modeling, secure design reviews, security testing, and developer-friendly remediation workflows.
- Build internal security products and capabilities that make security self-serviceable for HelloFresh employees and engineering teams.
- Lead initiatives across SAST, DAST, SCA, IaC scanning, secret detection, vulnerability management, and software supply chain security.
- Drive offensive security activities including penetration testing, adversary simulation, purple teaming, and validation of detection and response capabilities.
What you'll need
- 8+ years of experience in security engineering, software engineering, cloud security, application security, or offensive security.
- Deep hands-on experience securing cloud-native environments, preferably AWS, with strong knowledge of IAM, Kubernetes, networking, logging, detection, and infrastructure security.
- Strong application and product security experience, including threat modeling, secure architecture reviews, OWASP risks, API security, and SDLC security.
- Practical offensive security experience, including penetration testing, vulnerability research, exploitability analysis, or red/purple team exercises.
- Strong engineering skills in one or more programming languages (e.g., Python, Go, Java, TypeScript), with the ability to build production-grade systems and security tooling.
- Experience building automation, internal tools, developer platforms, security guardrails, or self-service security capabilities.
Nice to have
- Experience securing GenAI, LLM, AI agent, RAG, or ML systems.
- Familiarity with OWASP Top 10 for LLMs, MITRE ATLAS, NIST AI RMF, AI gateways, LLM guardrails, prompt evaluation, or AI red teaming.
What they offer
- Competitive compensation package with HelloFresh-subsidized Pension Scheme and Berlin relocation support.
- Hybrid working model with a global community of 90+ nationalities.
- German language learning budget and access to HelloFresh Academy.
- Exclusive HelloFresh box discounts and office meals.
- Mental health support, 24/7 gym access, wellbeing platforms like Headspace and Spill, and sabbatical leave options.