Company hidden
14 hours ago

Staff Security Engineer (Product Security)

Work format
hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
Germany
Vacancy from the Hirify.Global list (Hirify RU Global, a list of companies with Eastern European roots)

Job description

TL;DR

Staff Security Engineer (Product Security): Driving the overarching technical strategy for application security and reducing real-world risk across the product landscape, with an emphasis on a Secure by Design philosophy and automated guardrails. Focus on pioneering AI-driven security automation, scaling vulnerability management, and bridging the gap between AppSec and Infrastructure Security.

Location: Hybrid in Berlin, Germany (must be present in the office 2 days a week)

Company

A pioneering global local delivery platform operating in around 65 countries worldwide.

What you will do

  • Drive the strategic technical roadmap for Product Security and scale threat-modeling methodologies across the global ecosystem.
  • Lead security architecture reviews to identify design flaws and co-author secure-by-default architectural blueprints.
  • Architect and run a scaled vulnerability management program, incorporating internal testing and Bug Bounty/VDP inputs.
  • Replace manual gates with automated DevSecOps workflows, embedding SAST, DAST, and SCA tools into CI/CD pipelines.
  • Design and implement AI-powered code security automation and leverage LLMs for automated vulnerability triage.
  • Collaborate with Infrastructure Security and Security Operations to align application vulnerabilities with cloud risk and incident readiness.

Requirements

  • Proven engineering leadership as a staff-level individual contributor in massive, global software environments.
  • Deep fundamental understanding of modern web and mobile application security and experience managing Bug Bounty programs.
  • Strong working knowledge of AI security frameworks such as OWASP Top 10 for LLM, MITRE ATLAS, and NIST AI RMF.
  • Hands-on proficiency in Java, Python, or Go to code, review, and remediate complex vulnerabilities.
  • Experience with cloud security (AWS, GCP, or Azure) and containerized ecosystems like Kubernetes and Docker.
  • Deep understanding of IAM protocols (OAuth, OIDC, SAML) and Zero Trust architecture design.

Nice to have

  • Experience securing highly distributed, event-driven microservices architectures at global scale.
  • History of public security research, CVE discovery, or contributions to open-source security/AI safety tooling.
  • Advanced certifications such as CSSLP, CASE, AWS Security Specialty, Google Professional Cloud Security Engineer, or CISSP.

Culture & Benefits

  • Hybrid working model with face-to-face collaboration at the Berlin campus.
  • 27 days of holiday, with additional days granted based on years of service.
  • €1,000 educational budget, language courses, and access to Udemy Business.
  • Comprehensive wellness perks including health checkups, meditation, yoga, and gym/bicycle subsidies.
  • Financial incentives including an Employee Share Purchase Plan, Corporate Pension Plan, and Life & Accident Insurance.
  • Meal vouchers and corporate discounts.
