Cyber Security Staff Engineer Application Security
Job Summary
Solarisis Europes leading embedded finance platform. Solaris full German banking license and proprietary modular B2B tech stack empowers its partners from SMEs to large multinational non-financial companies to offer compliant customer-centric banking services providing seamless experiences to customers across all industries. Founded in 2016 Solaris pioneered the Banking-as-a-Service market with an unparalleled combination of tech and banking. Solaris is headquartered in Berlin and employs 300 people in Europe.
Your Role
- Integrate security seamlessly into the Software Development Lifecycle (SDLC) and DevSecOps pipelines by automating security gates (SAST DAST SCA and container scanning).
- Conduct thorough threat modeling and architectural security reviews for complex applications APIs and microservices prior to deployment.
- Perform deep-dive manual and automated secure code reviews across various codebases to identify logic flaws and subtle implementation vulnerabilities.
- Build and maintain secure-by-default internal libraries frameworks and developer tools to systematically eliminate entire classes of vulnerabilities.
- Take ownership of the application vulnerability lifecycle including triaging validating and prioritizing vulnerabilities originating from internal testing penetration tests and external bug bounty programs.
- Act as a strategic partner to product and engineering teams providing pragmatic mitigation guidance that balances product velocity with security assurance.
- Design and deliver modern hands-on secure coding training and security awareness initiatives for engineering teams (e.g. addressing OWASP Top 10 LLM/AI security risks).
- Support incident response and detection teams during application-level security incidents or potential data breaches leading post-mortem analysis for software flaws.
- Ensure application security controls remain fully compliant with relevant financial data protection regulations fintech standards and internal tech policies.
- Owners of this function make sure that they follow the defined Policies & Procedures for the institution (which includes explicit processes defined for Tech which are properly defined in the respective confluence spaces).
- Take ownership of the tech responsibilities as described in our Change Management Policies.
Wed love to see
Depending on your level of experience your responsibilities and scope of role will range. We dont care much about fancy titles but rather about real personal and professional development as laid out in ourlearning framework. Lets figure together out how you can contribute to our team.
- A degree in Computer Science Software Engineering Information Technology Cybersecurity or equivalent professional experience.
- 6 years of experience in dedicated Application Security DevSecOps or Software Engineering roles with a strong focus on security in high-growth cloud environments (Fintech or highly regulated environment is a plus).
- Proven experience analyzing and securing code written in our core tech stack/modern languages (e.g. Java Go Python TypeScript or Rust).
- Deep understanding of web application vulnerabilities API security and exploitation techniques (OWASP Top 10 CWE).
- Hands-on experience integrating security testing tools into modern CI/CD pipelines (e.g. GitHub Actions GitLab CI Jenkins Snyk Semgrep).
- Experience with cloud computing infrastructure (AWS GCP or Azure) containerization (Docker) and orchestration (Kubernetes).
- Experience managing or triaging external penetration testing reports and crowdsourced bug bounty programs.
- Understands agile workflows and lean principles.
- Experience by doing threat modeling.
- Individual Contributor technical mentorship focus.
- Business proficient written and spoken is a plus.
- Ability to translate complex cryptographic or technical security vulnerabilities into business risk for non-technical stakeholders and actionable fixes for developers.
- Empathic collaborator who builds bridges between security goals and engineering targets avoiding the department of No stereotype.
- Strong analytical mindset capable of finding creative ways to secure cutting-edge application architectures.
- Ability to thrive in a fast-paced environment and adapt security strategies to evolving product frameworks.
- Proactive peer that helps the growth of the team.
- Curious constant learner that is willing to share learning with others
Benefits
- Home office budget.
- Learning & development budget of 1000 per year and a transparent growth framework to support your career goals.
- Competitive salary and a variable remuneration program.
- Monthly meal allowance.
- Deutschland ticket subsidy.
- 28 vacation days increasing by 2 days after 2 years and 3 days after 3 years with Solaris.
- Opportunity towork abroad for up to 12 weeks per year.
While job ads usually paint an ideal picture of a candidate studies show that most applicants meet an average of 60% of the criteria. Unfortunately many promising candidates tend to apply only if they meet all the criteria. So if you think you have what it takes but dont necessarily meet every single item in the job description please contact us anyway. Wed love to talk with you and find out if you might be a good fit for us.
At Solaris we are committed to nurturing an inclusive environment where all Solarians feel valued respected and supported. We are dedicated to building a diverse workforce that reflects the diversity of our communities. We are committed to equal employment opportunity regardless of color ethnicity religion sex origin disability marital status citizenship or gender identity. We are proud to be an equal opportunity workplace. If you have a disability or special need that requires accommodation please let us know.
Information on data processing:
DE: annual gross salary range for this position is:
85.000 - 110.000 EUR
About Company
The tech company with a banking license - our Banking-as-a-Service platform has everything you need to build your own banking products.