Skip to content
mimi

Senior Security Engineer (Application Security)

Deepstreamtech

Berlin · On-site Full-time Senior 1mo ago

About the role

About

We have a bold mission to empower everyone to build wealth with easy, safe, and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state of the art technology to build a lasting, positive future for millions.

What the job involves

As a Senior Security Engineer in our Application Security team, you'll safeguard Trade Republic's applications and development lifecycle through proactive security integration and engineering excellence.

Responsibilities

  • Partner with engineering teams to embed security into the software development lifecycle from design to deployment
  • Conduct security code reviews, threat modeling sessions, and architecture reviews for critical applications and services
  • Design and implement SAST, DAST, and SCA solutions to identify vulnerabilities early in the development process
  • Build and maintain application security testing automation within CI/CD pipelines
  • Develop secure coding standards, security libraries, and reusable security components for engineering teams
  • Perform penetration testing and vulnerability assessments of web applications, APIs, and mobile applications
  • Triage, prioritise, and remediate application vulnerabilities working closely with development teams
  • Create security champions program and provide security training to engineering teams
  • Research emerging application security threats and integrate defensive measures into the security architecture
  • Contribute to bug bounty program management and coordinate with external security researchers

Requirements

  • 5+ years as a Security Engineer with 4+ years focused on application security
  • Deep understanding of web application security (OWASP Top 10, API security, authentication/authorization)
  • Hands‑on experience with security testing tools (Burp Suite, OWASP ZAP, Semgrep, etc.)
  • Strong programming skills in modern languages (Python, Java, Kotlin, Go, or JavaScript)
  • Experience integrating security tooling into CI/CD pipelines (Git Hub Actions, Git Lab CI, Jenkins)
  • Expertise in secure architecture patterns for microservices, APIs, and distributed systems
  • Solid understanding of cryptography, secure session management, and identity/access management
  • Hands‑on experience with security testing of cryptocurrency/blockchain infrastructure and applications is a major bonus
  • Experience with mobile application security (iOS/Android)
  • Knowledge of compliance frameworks (PCI‑DSS, GDPR, MaRisk) is advantageous
  • Excellent communication skills to translate security concepts for engineering audience

Skills

API securityAWS LambdaBurp SuiteCI/CDCryptographyDASTDockerGDPRGoGit Hub ActionsGit Lab CIIdentity and Access ManagementiOSJavaJavaScriptJenkinsKotlinMaRiskMicroservicesOWASPOWASP ZAPPCI-DSSPythonSASTSCASemgrepWeb application security

Don't send a generic resume

Paste this job description into Mimi and get a resume tailored to exactly what the hiring team is looking for.

Get started free