Cyber Security Staff Engineer - Application Security
Solaris
Seniority
Senior
Model
In-Office
Sector
Salary
€85,000 – €110,000
Contract
Full-Time
Integrate security seamlessly into the Software Development Lifecycle (SDLC) and DevSecOps pipelines by automating security gates (SAST, DAST, SCA, and container scanning). Act as a strategic partner to product and engineering teams, providing pragmatic mitigation guidance that balances product velocity with security assurance.
What you'll do
- Integrate security seamlessly into the Software Development Lifecycle (SDLC) and DevSecOps pipelines by automating security gates (SAST, DAST, SCA, and container scanning).
- Conduct thorough threat modeling and architectural security reviews for complex applications, APIs, and microservices prior to deployment.
- Perform deep-dive manual and automated secure code reviews across various codebases to identify logic flaws and subtle implementation vulnerabilities.
- Build and maintain "secure-by-default" internal libraries, frameworks, and developer tools to systematically eliminate entire classes of vulnerabilities.
- Take ownership of the application vulnerability lifecycle, including triaging, validating, and prioritizing vulnerabilities originating from internal testing, penetration tests, and external bug bounty programs.
- Design and deliver modern, hands-on secure coding training and security awareness initiatives for engineering teams.
- Support incident response and detection teams during application-level security incidents, leading post-mortem analysis for software flaws.
What you'll need
- A degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or equivalent professional experience.
- 6+ years of experience in dedicated Application Security, DevSecOps, or Software Engineering roles with a strong focus on security in high-growth cloud environments.
- Proven experience analyzing and securing code written in modern languages (e.g., Java, Go, Python, TypeScript, or Rust).
- Deep understanding of web application vulnerabilities, API security, and exploitation techniques (OWASP Top 10, CWE).
- Hands-on experience integrating security testing tools into modern CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Snyk, Semgrep).
- Experience with cloud computing infrastructure (AWS, GCP, or Azure), containerization (Docker), and orchestration (Kubernetes).
- Business proficient written and spoken English.
Nice to have
- Experience in Fintech or highly regulated environments.
- Experience managing or triaging external penetration testing reports and crowdsourced bug bounty programs.
- German language skills.
What they offer
- Competitive salary and variable remuneration program.
- Learning & development budget of €1000 per year and transparent growth framework.
- Home office budget and opportunity to work abroad for up to 12 weeks per year.
- 28 vacation days, increasing by 2 days after 2 years and 3 days after 3 years.
- Monthly meal allowance and Deutschland ticket subsidy.

