Security Engineer App Sec
Job Summary
The job at a glance
Join our team and you'll be responsible for supporting our development teams by integrating security tools with our existing technology stack and CI/CD pipelines, helping remediate Application Security findings, and improving our Web Application Firewall.
Working in the Security department, you will identify improvements in our Application Security stack and its integrations, streamline change processes using Infrastructure as Code, and play a key role in Stepstone's Security Champions Programme by delivering sessions, supporting Security Champions, and collaborating on application-specific security needs.
This is so important to us. By joining our team you will be playing a vital role as together we reimagine the labour market to make it work for everybody.
Your responsibilities
- Collaborate with cross-functional teams to ensure effective detection, triage, remediation, and continuous improvement of Application Security processes.
- Support developers in the triage and remediation of findings generated by the Application Security Testing (AST) stack, including tools such as SCA and SAST, while driving enhancements across the SSDLC.
- Manage and take ownership of the Web Application Firewall (WAF), resolving issues raised by end users and other business stakeholders.
- Support development teams in onboarding domains, endpoints, and APIs to the WAF, as well as maintaining and optimizing WAF rules.
- Support the Application Security Lead with initiatives within the Security Champions programme and assist development teams with Risk, Threat, and Vulnerability identification through Threat Modelling processes.
Qualifications:
Your skills and qualifications
- Experience working with Application Security Testing (AST) technologies, including triage support and providing remediation recommendations.
- Strong knowledge of Web Application Firewall (WAF) solutions, with the ability to assess required changes and justify the most appropriate course of action.
- Experience integrating security tooling into DevOps pipelines, infrastructure automation, and CI/CD processes, including embedding security checks.
- Knowledge of cloud platforms such as AWS and Azure, container orchestration technologies, and the ability to review code in popular programming languages to identify vulnerabilities.
- Proven ability to collaborate and communicate effectively with SOC, GRC, Corporate IT, the wider Security team, and development communities, with a strong understanding of OWASP Top 10 risks (Web App, API, and LLM), and the confidence to operate in ambiguous environments while driving solutions forward.
Additional Information:
Our Technology Stack:
Applications have a variety of programming languages including Java, C#, TypeScript, etc., alongside:
- Terraform
- AWS ECS Managed
- AWS / Azure
- ELK / Cribl / Kafka
- Claude Code
The Security Stack includes:
- ASPM solution (e.g. Veracode, Wiz, Mend)
- CSPM solution (e.g. Wiz, Lacework, Microsoft Defender for Cloud)
- CDN and CPN/WAF solution (e.g. Cloudflare, Akamai, AWS CloudFront)
- EDR and SIEM solution (e.g. SentinelOne, Microsoft Defender for Endpoint and Sentinel, CrowdStrike)
- Developer training solutions (e.g. Secure Code Warrior, SecureFlag)
- Bug Bounty Platform (e.g. Intigriti, Bugcrowd, HackerOne)
Your benefits
We're a community here that cares as much about your life outside work as how you feel when you're with us. Because your job shouldn't take over your life; it should enrich it. Here are some of the benefits we offer:
- Premium medical and dental care
- Life insurance
- Flex Benefits - Worksmile Cafeteria System (Multisport, vouchers, tickets, etc.)
- Employee Referral Program
- Hackathons, Knowledge Sharing Hours, In-house projects
- Tech and sport communities
- Events and integration parties
- Charity initiatives, 2 extra volunteer days
- English/German classes
- Game room and chillout zone
Our commitment
Equal opportunities are important to us. We believe that diversity and inclusion at The Stepstone Group are critical to our success as a global company, so we want to recruit, develop, and keep the best talent. We encourage applications from everyone, regardless of background, gender identity, sexual orientation, disability status, ethnicity, belief, age, family or parental status, and any other characteristic.
Remote Work:
No
About Company
At The Stepstone Group, we have a simple yet very important mission: The right job for everyone. Using our data, platform, and technology, we create opportunities for jobseekers and companies around the world to find a perfect match in a fair and equitable way. With over 20 brands acros ...