Company hidden
10 hours ago

Staff Security Engineer (Product Security)

Work format
hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
Germany
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Staff Security Engineer (Product Security): Driving the overarching technical strategy for application security and reducing real-world risk across the product landscape, with an emphasis on a Secure by Design philosophy and automated guardrails. Focus on pioneering AI-driven security automation, scaling vulnerability management, and bridging the gap between AppSec, AI/ML, and Infrastructure security.

Location: Hybrid (Berlin, Germany). Must be able to work from the Berlin campus 2 days a week.

Company

A pioneering local delivery platform operating in around 65 countries worldwide, headquartered in Berlin.

What you will do

  • Drive the strategic technical roadmap for Product Security, scaling threat-modeling and secure coding globally.
  • Lead security architecture reviews and identify complex design flaws early in the SDLC.
  • Architect and manage a scalable vulnerability management program, integrating Bug Bounty and VDP inputs.
  • Automate DevSecOps and CI/CD pipelines by embedding SAST, DAST, and SCA tools.
  • Implement AI-powered code security automation and LLM-based vulnerability triage.
  • Collaborate with Infrastructure Security on CSPM and Security Operations on incident readiness.

Requirements

  • Proven leadership as a staff-level individual contributor in massive, global software environments.
  • Deep expertise in web and mobile application security and managing vulnerability disclosure programs.
  • Working knowledge of AI security frameworks such as OWASP Top 10 for LLM, MITRE ATLAS, and NIST AI RMF.
  • Proficiency in multiple modern programming languages (Java, Python, Go) to remediate complex vulnerabilities.
  • Experience with cloud security (AWS, GCP, or Azure) and containerized ecosystems (Kubernetes, Docker).
  • Must be based in or be able to work hybrid in Berlin, Germany.

Nice to have

  • Experience securing highly distributed, event-driven microservices architectures at global scale.
  • History of public security research, CVE discovery, or active contributions to open-source security tools.
  • Advanced certifications such as CSSLP, CASE, AWS Security Specialty, or CISSP.

Culture & Benefits

  • Hybrid work model with 2 days a week at the Berlin campus.
  • 27 days of holiday, with additional days granted based on tenure.
  • €1,000 Educational Budget, language courses, and access to Udemy Business.
  • Wellness support including health checkups, meditation, yoga, and gym/bicycle subsidies.
  • Financial perks: Employee Share Purchase Plan, corporate pension, and life/accident insurance.
  • Digital meal vouchers, food vouchers, and various corporate discounts.

Be careful: if an employer asks you to sign in to their system using iCloud/Google, send a code or password, or run code or software, do not do it: these are scammers. Be sure to click "Report" or write to support.