Job Drop BerlinYOUR WAY INTO BERLIN TECH
NewsletterLinkedIn
AboutTermsImpressumPrivacy

Cyber Security Staff Engineer - Application Security

SSolaris
Seniority
Senior
Model
In-Office
Sector
Fintech
Salary
€85,000 – €110,000
Contract
Full-Time

Integrate security seamlessly into the Software Development Lifecycle (SDLC) and DevSecOps pipelines by automating security gates (SAST, DAST, SCA, and container scanning). Act as a strategic partner to product and engineering teams, providing pragmatic mitigation guidance that balances product velocity with security assurance.

What you'll do

  • Integrate security seamlessly into the Software Development Lifecycle (SDLC) and DevSecOps pipelines by automating security gates (SAST, DAST, SCA, and container scanning).
  • Conduct thorough threat modeling and architectural security reviews for complex applications, APIs, and microservices prior to deployment.
  • Perform deep-dive manual and automated secure code reviews across various codebases to identify logic flaws and subtle implementation vulnerabilities.
  • Build and maintain "secure-by-default" internal libraries, frameworks, and developer tools to systematically eliminate entire classes of vulnerabilities.
  • Take ownership of the application vulnerability lifecycle, including triaging, validating, and prioritizing vulnerabilities originating from internal testing, penetration tests, and external bug bounty programs.
  • Design and deliver modern, hands-on secure coding training and security awareness initiatives for engineering teams.
  • Support incident response and detection teams during application-level security incidents, leading post-mortem analysis for software flaws.

What you'll need

  • A degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or equivalent professional experience.
  • 6+ years of experience in dedicated Application Security, DevSecOps, or Software Engineering roles with a strong focus on security in high-growth cloud environments.
  • Proven experience analyzing and securing code written in modern languages (e.g., Java, Go, Python, TypeScript, or Rust).
  • Deep understanding of web application vulnerabilities, API security, and exploitation techniques (OWASP Top 10, CWE).
  • Hands-on experience integrating security testing tools into modern CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Snyk, Semgrep).
  • Experience with cloud computing infrastructure (AWS, GCP, or Azure), containerization (Docker), and orchestration (Kubernetes).
  • Business proficient written and spoken English.

Nice to have

  • Experience in Fintech or highly regulated environments.
  • Experience managing or triaging external penetration testing reports and crowdsourced bug bounty programs.
  • German language skills.

What they offer

  • Competitive salary and variable remuneration program.
  • Learning & development budget of €1000 per year and transparent growth framework.
  • Home office budget and opportunity to work abroad for up to 12 weeks per year.
  • 28 vacation days, increasing by 2 days after 2 years and 3 days after 3 years.
  • Monthly meal allowance and Deutschland ticket subsidy.
APPLY →