Staff Security Engineer, Product Security team (all genders)

Requirements:

  • Proven Engineering Leadership: A strong track record of driving complex application security and DevSecOps initiatives as a staff-level individual contributor in massive, global software environments.
  • Comprehensive Web & Mobile Security: Deep, fundamental understanding of modern web and mobile application security topics, including hands-on experience managing external Bug Bounty and vulnerability disclosure programs.
  • AI Security Expertise: Strong working knowledge of industry-standard security frameworks for artificial intelligence, such as the OWASP Top 10 for LLM Applications, MITRE ATLAS, and the NIST AI RMF.
  • AI & Security Automation Hands-on Experience: Practical understanding of utilizing artificial intelligence (including LLMs/Generative AI) for security engineering use cases, such as automated vulnerability analysis, script generation, triage optimization, and code security remediation.
  • Privacy, Ethics & Regulations: A solid understanding of global data privacy laws (e.g., GDPR), ethical AI considerations, and the regulatory impacts of the EU AI Act on application architecture.
  • Risk-Based Vulnerability Management: Strong expertise in vulnerability validation and triage, with the ability to look past raw CVSS scores to calculate actual business impact, coupled with excellent stakeholder management skills to align engineering teams on remediation.
  • Secure Coding & Remediation Proficiency: Deep hands-on proficiency in multiple modern programming languages (e.g., Java, Python, Go) and the ability to confidently code, review, and remediate complex vulnerabilities (such as the OWASP Top 10) directly within application repositories.
  • Cloud & CSPM Familiarity: Strong working knowledge of cloud security (AWS, GCP, or Azure) and containerized ecosystems (Kubernetes, Docker), alongside an understanding of how to align application security signals with Cloud Security Posture Management (CSPM) platforms.
  • Identity & Access Management (IAM): Deep understanding of modern authentication and authorization protocols (OAuth, OIDC, SAML) and how to design and enforce Zero Trust architectures at scale.
  • Cross-Functional Security Ops Alignment: Basic working knowledge of security operations, threat detection, and incident response, ensuring that product architectures are built to be auditable, observable, and resilient against live attacks.

Nice to have:

  • Experience securing highly distributed, event-driven microservices architectures at global scale.
  • History of public security research, CVE discovery, or active contributions to open-source security or AI safety tooling.
  • Advanced application security or cloud certifications (e.g., CSSLP, CASE, AWS Security Specialty, Google Professional Cloud Security Engineer, or CISSP).

What you'll be doing:

  • Drive Product Security Maturity: Drive the strategic technical roadmap for the Product Security team, ensuring threat-modeling methodologies and secure coding practices scale efficiently across our global web and mobile application ecosystem.
  • Lead Threat Modeling & Security Architecture Reviews: Apply your expertise to identify complex security design flaws early in the Software Development Life Cycle (SDLC) using frameworks and automation tools, co-authoring architectural blueprints that are secure by default.
  • Scale Vulnerability Management & Governance: Architect and run our vulnerability management program at scale, validating and ranking vulnerabilities based on actual business risk.
  • Master Stakeholder Management: Translate complex vulnerabilities into clear, actionable business risks and partner closely with engineering leadership for timely remediation.
  • Automate DevSecOps & CI/CD Pipelines: Implement automated security testing tools directly into developer pipelines to catch high-risk flaws early.
  • Pioneer AI-Driven Security Automation: Champion the adoption of artificial intelligence to revolutionize security workflows.
  • Mentor and Inspire: Act as a technical beacon and foster a community of Security Champions.

Perks and benefits:

  • Hybrid working model with face-to-face connection at the Berlin campus
  • 27 days holiday with extra days based on tenure
  • Support for career growth and development
  • Health and wellness benefits including gym subsidy and health checkups
  • Financial benefits like Employee Share Purchase Plan and Public Transportation Ticket Discount
  • Meal vouchers, corporate discounts, and more

Delivery Hero

Berlin, Germany

Experience: Staff
Posted: June 19, 2026
Last seen: 2 hours ago
Tags: AWS, Azure, Docker, GCP, Golang, Java, Kubernetes, Python, security

Why we track Delivery Hero

Delivery Hero is Berlin-based and operates across dozens of countries. The engineering challenges around real-time logistics, marketplace dynamics, and scale are genuinely hard. One of the bigger European tech companies that doesn't get as much attention as it should.
