Application Security Engineer (m/f/d)
Application Security Engineer (m/f/d)
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job description
Are you ready to be a security leader in the SaaS space Join epilot!
We are looking for a security-minded engineer who goes beyond finding vulnerabilities and focuses on building automated resilient defenses into our AWS-powered products. You will combine technical expertise with a proactive security mindset to protect impactful software from the ground up.
epilot is building a SaaS product to sell complex products online focusing first on solving ecommerce in the rapidly transforming energy market. Our mission: Make selling complex products as easy as selling a pair of shoes online.
As the Application Security Engineer at epilot you will be a driving force in ensuring our products are secure by design. What makes working in engineering at epilot so special Our unique culture is defined by a few core principles that apply to all our engineers.
Among others you can expect freedom and responsibility because we hire smart people we can trust. We operate by principles and expect everyone to cultivate a strategic mindset.
We believe in ownership: you secure it you run it. You will work closely with development teams to integrate security into every stage of the lifecycle. There is no separate security silo to hand things off to youll design implement and automate defenses that keep our AWS-powered products safe and scalable. This includes integrating vulnerability testing tools supporting incident response and participating in bug bounty triage.
You should always show dont tell: Deliver secure working software early and frequently. We believe in the Agile principle of Release early and release often with the added goal of ensuring security from the first release onward. Fast feedback loops between ourselves our users and our security systems help us manage risk and make better decisions.
Does this sound like an environment you want to work in Then you could bet the right person to be an engineer at epilot!
We epilots are a team of experts from the fields of software development energy management product management and order to bring our solution even faster and more secured to the top in the energy world we are looking for you as a Security Engineer
Job requirements
What awaits you
As an Application Security Engineer at epilot youll play a key role in building secure-by-default features and hardening the backbone of our cloud-native platform. Youll work closely with engineers across the stack to shift security left and help us scale securely as we grow.
Heres what youll do:
Embed security into our development lifecycle by integrating SAST DAST and dependency scanning tools into CI/CD pipelines
Collaborate with engineering teams to identify vulnerabilities early and support remediation with actionable guidance
Build and maintain automation for security testing and compliance reporting
Work hands-on with AWS services to improve cloud security posture and advise on secure architecture
Drive threat modeling participate in secure code reviews and support bug bounty triage
Educate teams on secure coding practices and OWASP Top 10 risks in web and API development
Lead or support incident response efforts and post-incident reviews
Develop internal tooling or scripts to simplify and automate security operations
What you bring
Were looking for a security-minded engineer who thrives in a fast-paced product-centric environment and has the following skills and mindset:
Technical Foundation:
Proficient in any modern programming language (e.g. Python JavaScript Go etc.)
Conceptual understanding of OWASP Top 10 for both web and API applications
Experience with security tooling: SAST DAST AWS security services (GuardDuty IAM CloudTrail etc.)
Solid understanding of AWS infrastructure and cloud-native architectures
Background in scripting or automating processes in CI/CD environments
Bonus Points:
You were a software engineer before switching to security that mindset is gold
Certifications like OSCP or AWS Certified Security Specialty
Familiarity with IaC (Terraform CloudFormation) and Security-as-Code practices
Mindset:
You take ownership of initiatives see them through to completion and arent afraid to challenge the status quo
Youre pragmatic and collaborative security is a team sport not a gate
You love simplifying complex problems and turning them into scalable automated solutions
What we offer you
At epilot we believe in rewarding performance fostering growth and creating an environment where youll thrive:
Impactful Work: Be part of a product-driven company thats reshaping the energy sector.
Startup Mentality: Enjoy a dynamic atmosphere with flat hierarchies and open communication.
Flexibility: Work remotely or from our centrally located office in Cologne with flexible working hours.
Growth Opportunities: Your career will grow as fast as we do. Learn experiment and embrace a Fail Fast and Often mentality.
Competitive Compensation: We take your desired salary seriously and value performance.
Team Spirit: Join us for regular events like summer parties company breakfasts and our epic annual epilot summit where youll connect with co-epilots worldwide.
Transparency and Openness: Everything is open for discussion in our inclusive and supportive culture.
We are looking forward to your application ^^
- Kln Nordrhein-Westfalen Germany
Your application is on its way to us!
Since we want to take enough time for every single application I kindly ask for your patience until we finally come back to the meantime feel free to check out our promise to our epilots.
Employment Type
Full-Time
