Senior/Staff Application Security Engineer (f/m/x)

As a Senior/Staff Application Security Engineer (f/m/d) you will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC). You will work closely with development product and DevOps teams to embed security practices conduct threat modeling and lead secure code reviews.

We offer speed agility and steep career growth. Our vision to make sustainable solar energy available to everyone can only come to live through our customer and product-oriented view and the cooperation between software development product management and lean experiment-driven business development.

Join us to develop your professional skills take part in the energy revolution and let us take ownership of the sustainable change we want to see in the world together! We are looking forward to your application.

At Enpal you would be

building secure solutions. We are serious about delivering incremental value in each iteration and we celebrate when we improve peoples experience with our solution make an impact towards our climate goals.

adopting Shift-Left and Zero-Trust approaches. We emphasize proactive and continuous security measures helping us stay ahead of potential threats and ensuring robust protection of assets applications and services.

developing application Security Program: Partner with software engineering and product teams to embed security across all stages of the SDLC (design development testing deployment).

conducting Threat Modeling & Risk Assessment: Lead threat modeling sessions drive secure design and code reviews and perform application-level risk assessments.

establishing Security Training & Mentorship: Serve as a hands-on security advisor to developers by offering training guidance and support on secure software development practices and security champions development.

enforcing Secure Coding Standards: Define maintain and enforce secure coding standards guidelines and reusable security patterns across development teams.

Qualifications :

We are looking for roughly a 50% fit with for what we ask. The other 50% is a surprise to us it is the magic you bring to the table and the diversity in which you make us grow.

you have minimum of 5 years of experience in application security with a strong understanding of secure coding practices and application security vulnerabilities (e.g. OWASP Top 10 ASVS MSVS)

you have hands-on experience embedding security throughout the entire software development lifecycle - from design and coding to integration and deployment

you have hands-on experience with threat modelling approaches STRIDE PASTA DREAD and supporting tools like TMT IriusRisk etc.

you have proficiency in multiple programming languages .Net is a plus.

you have knowledge of cloud computing platforms; Azure is a plus.

you have experience with security tooling and automation across domains like SAST SCA DAST.

you have experience identifying and addressing security flaws in APIs and applications with a solid understanding of OWASP principles

you have relevant certifications CSSLP OSCP OSWA are plus.

you communicate clearly in English spoken and written. Crisp and concise ways of formulating your ideas and opinions. Knowledge of German is a plus.

you are inspired by the energy transition and want to make a difference. We are one of the biggest players in the solar business and want to make this change with you.

you want to participate in a company where empowerment and initiative is valued. We are looking for people who want to grow their personal skills and knowledge take responsibility steer and influence for what they feel is right.

agile and lean values are embodied by you. People over processes. Code over documentation. Reducing waste by building minimum viable products first testing it with real users growing and maintaining solutions as requirements evolve.

Additional Information :

• Work in Germanys first green unicorn and actively shape the solar energy revolution. 

• The sun shines all over the world - at Enpal you will find a highly motivated and diverse team with more than 65 different nationalities. 

• Would you rather keep your pet company at home or your colleagues at the office Even after the pandemic we offer you a hybrid working model 

• We fulfill every start-up clich - in our modern office in Berlin-Friedrichshain youll find everything your heart desires from a ping-pong table and yoga corner to a roof terrace and stocked drinks fridges. 

• Your kick-start at Enpal - Get to know the company your team colleagues and our founder Mario on your onboarding day. 

• Stay up to date - Whether its company figures at our monthly all-hands meetings or how a photovoltaic system works at the Lunch & Learn youll always know exactly whats going on. 

• Energy transition only works together - At Enpal you can expect a legendary team spirit and unforgettable team events. 

• No mistakes no progress - We live a strong feedback culture and grow with your input either personally or anonymously via our feedback tool Culture Amp. 

Remote Work :

No

Employment Type :

Full-time