Senior Security Engineer; Application Security

Stellenbezeichnung: Senior Security Engineer (Application Security) Requirements5+ years as a Security Engineer with 4+ years focused on application securityDeep understanding of web application security (OWASP Top 10, API security, authentication/authorization)Hands‑on experience with security testing tools (Burp Suite, OWASP ZAP, Semgrep, etc.)Strong programming skills in modern languages (Python, Java, Kotlin, Go, or JavaScript)Experience integrating security tooling into CI/CD pipelines (Git Hub Actions, Git Lab CI, Jenkins)Expertise in secure architecture patterns for microservices, APIs, and distributed systemsSolid understanding of cryptography, secure session management, and identity/access managementHands‑on experience with security testing of cryptocurrency/blockchain infrastructure and applications is a major bonusExperience with mobile application security (iOS/Android)Knowledge of compliance frameworks (PCI‑DSS, GDPR, MaRisk) is advantageousExcellent communication skills to translate security concepts for engineering audienceWhat the job involvesWe have a bold mission to empower everyone to build wealth with easy, safe, and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state of the art technology to build a lasting, positive future for millionsAs a Senior Security Engineer in our Application Security team, you'll safeguard Trade Republic's applications and development lifecycle through proactive security integration and engineering excellencePartner with engineering teams to embed security into the software development lifecycle from design to deploymentConduct security code reviews, threat modeling sessions, and architecture reviews for critical applications and servicesDesign and implement SAST, DAST, and SCA solutions to identify vulnerabilities early in the development processBuild and maintain application security testing automation within CI/CD pipelinesDevelop secure coding standards, security libraries, and reusable security components for engineering teamsPerform penetration testing and vulnerability assessments of web applications, APIs, and mobile applicationsTriage, prioritise, and remediate application vulnerabilities working closely with development teamsCreate security champions program and provide security training to engineering teamsResearch emerging application security threats and integrate defensive measures into the security architectureContribute to bug bounty program management and coordinate with external security researchers#J-18808-Ljbffr