Product Security Engineer
Scalable Capital
Seniority: Midweight
Model: In-Office
Sector
Salary: Undisclosed
Contract: Full-Time
About the role
We're looking for a Product Security Engineer to join our team and help champion the security of our platform. In this role, you will act as a bridge between security and engineering. You will start by focusing on hands-on security testing and code review, and with the support of senior team members, you will gradually expand your scope to include architecture reviews, automated tooling, and strategic security initiatives.
What you'll do
- Application Security Testing: Perform security assessments and code reviews on our web apps, mobile apps, and APIs, combining manual testing with automated tooling to validate security controls against industry standards.
- Vulnerability Disclosure & Management: Triage incoming reports from bug bounties, vulnerability disclosures, and external penetration tests, and help manage the intake process towards establishing a formal Bug Bounty program.
- Secure Software Development Lifecycle (SSDLC): Assist in integrating security tooling (SAST, DAST, SCA) into our CI/CD pipelines (AWS/GitHub) and help tune these tools to ensure high-fidelity alerts for our developers.
- Threat Modeling Support: Partner with senior security engineers and product teams to participate in threat modeling sessions and learn to identify architectural flaws and logic vulnerabilities in the design phase.
- Developer Enablement: Collaborate with engineering teams to advocate for secure coding practices and help build secure defaults and libraries that make it easier for developers to write secure code in Kotlin and Python.
- Cloud Security Basics: Gain exposure to securing infrastructure-as-code and AWS environments, helping ensure our microservices architecture remains resilient.
What you'll need
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
- Profound experience in Application Security, Product Security, or Software Engineering with a security focus.
- Strong understanding of the OWASP Top 10 and familiarity with verification standards like OWASP ASVS/MASVS.
- Ability to read and review code; familiarity with Kotlin, Java, Python, or TypeScript is highly desired.
- Experience with Burp Suite or similar testing tools; familiarity with CI/CD concepts (GitHub Actions) is a plus.
- High empathy for developers: you can explain technical findings clearly and enjoy working in a collaborative environment.
Nice to have
- Certifications such as OSCP, GWAPT, GCPN, CSSLP, or AWS Security Specialty.
What they offer
- Individual Education Budget and in-house knowledge sharing and career development sessions.
- Flexible vacation policy and the opportunity to work from abroad.
- Attractive compensation package and company pension scheme.
- Monthly contribution of 50% for the Deutschland Jobticket.
- Complimentary subscription of Scalable Capital's PRIME+ Broker.
- Flexible and discounted sports activities with Urban Sports Club.

