Senior Application Security Engineer

Beschreibung

Job Zusammenfassung In dieser Rolle agierst du als Berater für das Team, entwirfst Sicherheitskontrollen, führst Codeprüfungen durch und automatisierst Sicherheitschecks in CI/CD-Pipelines, um die Sicherheitslage des Unternehmens zu stärken. Job Zusammenfassung In dieser Rolle agierst du als Berater für das Team, entwirfst Sicherheitskontrollen, führst Codeprüfungen durch und automatisierst Sicherheitschecks in CI/CD-Pipelines, um die Sicherheitslage des Unternehmens zu stärken. Deine Rolle im Team Acting as a trusted advisor to the engineering team to improve our security posture. Designing, implementing, and maintaining security controls. Performing code and configuration security reviews and advocating for secure coding practices to support an overall shift-left strategy. Automating security checks and guardrails (SAST, DAST, and secret scanning) into CI/CD pipelines, promoting a true 'security-as-code' methodology. Partnering on vulnerability triage and driving remediation. Performing and coordinating security tests and threat modeling around our product and the related infrastructure. Translating security requirements into enforceable technical controls by automating evidence collection and configuring platform settings. Unsere Erwartungen an dich Ausbildung Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a closely related technical field. Qualifikationen Expertise in cloud technologies (AWS, GCP, or Azure). Proficiency in at least one programming language for scripting, security tooling development, and automating GRC evidence collection. A proven track record of driving security initiatives with a strong sense of ownership. Erfahrung 5+ years as a Security Engineer (or equivalent). Experience within a high-growth SaaS, E-commerce, or Fintech environment. Experience with both API and web security, potential attack vectors, and how to advocate for and implement scalable best practices. Experience with diving deep into the business logic of a SaaS application to determine and verify attack vectors. Proficiency in Terraform for securing infrastructure, combined with hands-on experience in integrating security testing. Preferred: Experience in a modern application tech stack including GCP, Golang, and TypeScript. Preferred: Experience with PCI DSS script security. Preferred: Experience in executing Red or Purple Team operations and advanced penetration testing, and the ability to effectively collaborate with development teams to drive the remediation of software vulnerabilities. Unser Angebot Play a mission-critical role for global brands, redefining fan experiences from festivals to major sports events. We scale sustainably on a profitable, VC-backed foundation with true product-market fit. Collaborate with over 160 dedicated professionals, including leaders from Google, Slack, and Salesforce. We're a diverse, merit-driven team spread across six global offices. Sifted consistently ranks us among the fastest-growing scale-ups in Europe. Work alongside some of tech's brightest minds - from Forbes 30 Under 30 founders to Executive of the Year award winners. Themen mit denen du dich im Job beschäftigst API Design Cyber/Security Metadaten Level: Senior Job Feld: IT, Security Anstellung: Vollzeit Vertragsart: Unbefristetes Dienstverhältnis Arbeitsmodell: Hybrid, Onsite Unternehmenstyp: Startup Branche: Internet, IT, Telekom Ort: Frankfurt am Main | Deutschland

Tech Stack