D
Senior Security Engineer (Application Security)
Deepstreamtech
Berlin · On-site Full-time Senior 1mo ago
About the role
About
We have a bold mission to empower everyone to build wealth with easy, safe, and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state of the art technology to build a lasting, positive future for millions.
What the job involves
As a Senior Security Engineer in our Application Security team, you'll safeguard Trade Republic's applications and development lifecycle through proactive security integration and engineering excellence.
Responsibilities
- Partner with engineering teams to embed security into the software development lifecycle from design to deployment
- Conduct security code reviews, threat modeling sessions, and architecture reviews for critical applications and services
- Design and implement SAST, DAST, and SCA solutions to identify vulnerabilities early in the development process
- Build and maintain application security testing automation within CI/CD pipelines
- Develop secure coding standards, security libraries, and reusable security components for engineering teams
- Perform penetration testing and vulnerability assessments of web applications, APIs, and mobile applications
- Triage, prioritise, and remediate application vulnerabilities working closely with development teams
- Create security champions program and provide security training to engineering teams
- Research emerging application security threats and integrate defensive measures into the security architecture
- Contribute to bug bounty program management and coordinate with external security researchers
Requirements
- 5+ years as a Security Engineer with 4+ years focused on application security
- Deep understanding of web application security (OWASP Top 10, API security, authentication/authorization)
- Hands‑on experience with security testing tools (Burp Suite, OWASP ZAP, Semgrep, etc.)
- Strong programming skills in modern languages (Python, Java, Kotlin, Go, or JavaScript)
- Experience integrating security tooling into CI/CD pipelines (Git Hub Actions, Git Lab CI, Jenkins)
- Expertise in secure architecture patterns for microservices, APIs, and distributed systems
- Solid understanding of cryptography, secure session management, and identity/access management
- Hands‑on experience with security testing of cryptocurrency/blockchain infrastructure and applications is a major bonus
- Experience with mobile application security (iOS/Android)
- Knowledge of compliance frameworks (PCI‑DSS, GDPR, MaRisk) is advantageous
- Excellent communication skills to translate security concepts for engineering audience
Skills
API securityAWS LambdaBurp SuiteCI/CDCryptographyDASTDockerGDPRGoGit Hub ActionsGit Lab CIIdentity and Access ManagementiOSJavaJavaScriptJenkinsKotlinMaRiskMicroservicesOWASPOWASP ZAPPCI-DSSPythonSASTSCASemgrepWeb application security
Don't send a generic resume
Paste this job description into Mimi and get a resume tailored to exactly what the hiring team is looking for.
Get started free