Web App Security Engineer

Your role in the team

• Your ideas, decisions, and activities have a direct impact on improving the security of our application. You are creating a product that is used by over 400,000 small and micro-enterprises in Germany, making it safer day by day.
• You work closely with our feature teams to support them on security issues during the design, implementation, and operation of our application. In doing so, you delve deeply into the technical details. Additionally, you develop and oversee cross-team security mechanisms.
• In our Security Enablement Team, you have the opportunity to explore new areas, build, actively shape, and contribute ideas. You can look forward to activities such as Hacking Days and occasional after-work sessions.
• We offer a modern, agile working environment: from DevOps to Scrum or Kanban.

What we offer

• At Haufe Group, we create pioneering working conditions where everyone can contribute and develop to their fullest potential. We offer you space and responsibility, as well as the opportunity to work hybrid - which means a combination of office presence and home office, depending on your needs and agreement within your team.
• In addition, you benefit from flexible working hours and have a variety of training and development opportunities.

Technologies and skills

• AWS
• TypeScript
• npm
• JavaScript
• Java
• Bash
• Gradle
• Python

Our expectations:

Qualifications

• You are capable of assessing vulnerabilities within the context of our application and developing a course of action. You can draw on your knowledge of Java web applications and Javascript (Typescript) web clients. You understand how well-known dependency management tools such as NPM and Gradle work and are configured.
• Threat models are not an unfamiliar topic for you, and you are enthusiastic about designing such models together with colleagues, for example on a whiteboard. You can put yourself in the mindset of an adversary to identify threats.
• You can communicate vulnerabilities and security recommendations clearly and precisely to effectively support feature teams with security-related issues.
• Our team language is German, so very good German skills (at least C2) are a must. At the same time, you should also have very good English skills.

Experience

• You possess good knowledge and extensive experience in the field of web application and cloud security (preferably with AWS), and you also know how to securely configure, build, and release modern web applications (IaC, CI/CD, SDLC).
• You have development experience and can quickly assess whether a task should be automated, and you are capable of writing Bash, Python scripts, or other necessary tools for this purpose.
• Plus point: You have already gained experience in the Incident Response field.

Benefits

• Mentor Program
• Flexible Working Hours
• Fitness Offers
• Employee Discount
• Jobbike
• Coffee, Tea, etc.