Product Security Engineer (mfx)

Berlin - Germany

Monthly Salary: Not Disclosed

Posted on: 2 hours ago

Vacancies: 1 Vacancy

Department:

Engineering

Job Summary

Were looking for a Product Security Engineer to join our team and help champion the security of our platform. We dont expect you to be a unicorn who knows everything on day one; instead we are looking for someone with a strong foundation in application security who is eager to learn and grow.
In this role you will act as a bridge between security and engineering. You will start by focusing on hands-on security testing and code review and with the support of senior team members you will gradually expand your scope to include architecture reviews automated tooling and strategic security initiatives.

What Youll Do (and learn to do)

Application Security Testing: Perform security assessments and code reviews on our web apps mobile apps and APIs. You will combine manual testing with automated tooling to validate security controls against industry standards.
Vulnerability Disclosure & Management: Triage incoming reports from bug bounties vulnerability disclosures and external penetration tests. You will help manage the intake process and work towards establishing a formal Bug Bounty program in the future.
Secure Software Development Lifecycle (SSDLC): Assist in integrating security tooling (SAST DAST SCA) into our CI/CD pipelines (AWS/GitHub). You will help tune these tools to ensure high-fidelity alerts for our developers.
Threat Modeling Support: Partner with senior security engineers and product teams to participate in threat modeling sessions. You will learn to identify architectural flaws and logic vulnerabilities in the design phase.
Developer Enablement: Collaborate with engineering teams to advocate for secure coding practices. You will help build paved roadssecure defaults and librariesthat make it easier for developers to write secure code in Kotlin and Python.
Cloud Security Basics: Gain exposure to securing infrastructure-as-code and AWS environments helping ensure our microservices architecture remains resilient.

Qualifications :

Bachelors degree in Computer Science Information Security or a related field (or equivalent practical experience).
Profound experience in Application Security Product Security or Software Engineering with a security focus. We are looking for potential and foundational skills over a perfect checklist.
Strong understanding of the OWASP Top 10 and familiarity with verification standards like OWASP ASVS/MASVS. You know what good looks like and how to verify it.
You can read and review code. Familiarity with Kotlin Java Python or TypeScript is highly desired. You should be comfortable discussing code logic with developers.
Experience with Burp Suite or similar testing tools. Familiarity with CI/CD concepts (GitHub Actions) is a plus.
Certifications are nice to have but not required. Examples include OSCP GWAPT GCPN CSSLP or AWS Security Specialty.
You have high empathy for developers. You can explain technical findings clearly and enjoy working in a collaborative environment.
You believe security is a team sport. You prefer collaboration over confrontation and have a strong teamwork orientation.

Additional Information :

Be part of one of the fastest-growing and most visible Fintech startups in Europe creating innovative services that have a substantial impact on the lives of our customers
Work with an international diverse inclusive and ever-growing team that loves creating the best products for our clients
Work from our centrally located offices in the heart of Munich or Berlin nestled in lively neighborhoods filled with vibrant restaurants cozy cafés and a wide range of convenient amenities
Be productive with the latest hardware and tools
Learn and grow by joining our in-house knowledge sharing or career development sessions and spending your individual Education Budget
Learn and experience German culture first hand by joining our free German language classes
International relocation support is provided if required
Flexible vacation policy and the opportunity to work from abroad
Benefit from an attractive compensation package and from the company pension scheme
Monthly contribution of 50% for the Deutschland Jobticket
Say goodbye to order commissions and say hello to your complimentary subscription of Scalable Capitals PRIME Broker
Enjoy flexible and discounted sports activities with Urban Sports Club

Remote Work :

Employment Type :

Full-time

What Youll Do (and learn to do)

Application Security Testing: Perform security assessments and code reviews on our web apps mobile apps and APIs. You will combine manual testing with automated tooling to validate security controls against industry standards.
Vulnerability Disclosure & Management: Triage incoming reports from bug bounties vulnerability disclosures and external penetration tests. You will help manage the intake process and work towards establishing a formal Bug Bounty program in the future.
Secure Software Development Lifecycle (SSDLC): Assist in integrating security tooling (SAST DAST SCA) into our CI/CD pipelines (AWS/GitHub). You will help tune these tools to ensure high-fidelity alerts for our developers.
Threat Modeling Support: Partner with senior security engineers and product teams to participate in threat modeling sessions. You will learn to identify architectural flaws and logic vulnerabilities in the design phase.
Developer Enablement: Collaborate with engineering teams to advocate for secure coding practices. You will help build paved roadssecure defaults and librariesthat make it easier for developers to write secure code in Kotlin and Python.
Cloud Security Basics: Gain exposure to securing infrastructure-as-code and AWS environments helping ensure our microservices architecture remains resilient.

Qualifications :

Bachelors degree in Computer Science Information Security or a related field (or equivalent practical experience).
Profound experience in Application Security Product Security or Software Engineering with a security focus. We are looking for potential and foundational skills over a perfect checklist.
Strong understanding of the OWASP Top 10 and familiarity with verification standards like OWASP ASVS/MASVS. You know what good looks like and how to verify it.
You can read and review code. Familiarity with Kotlin Java Python or TypeScript is highly desired. You should be comfortable discussing code logic with developers.
Experience with Burp Suite or similar testing tools. Familiarity with CI/CD concepts (GitHub Actions) is a plus.
Certifications are nice to have but not required. Examples include OSCP GWAPT GCPN CSSLP or AWS Security Specialty.
You have high empathy for developers. You can explain technical findings clearly and enjoy working in a collaborative environment.
You believe security is a team sport. You prefer collaboration over confrontation and have a strong teamwork orientation.

Additional Information :

Be part of one of the fastest-growing and most visible Fintech startups in Europe creating innovative services that have a substantial impact on the lives of our customers
Work with an international diverse inclusive and ever-growing team that loves creating the best products for our clients
Work from our centrally located offices in the heart of Munich or Berlin nestled in lively neighborhoods filled with vibrant restaurants cozy cafés and a wide range of convenient amenities
Be productive with the latest hardware and tools
Learn and grow by joining our in-house knowledge sharing or career development sessions and spending your individual Education Budget
Learn and experience German culture first hand by joining our free German language classes
International relocation support is provided if required
Flexible vacation policy and the opportunity to work from abroad
Benefit from an attractive compensation package and from the company pension scheme
Monthly contribution of 50% for the Deutschland Jobticket
Say goodbye to order commissions and say hello to your complimentary subscription of Scalable Capitals PRIME Broker
Enjoy flexible and discounted sports activities with Urban Sports Club

Remote Work :

Employment Type :

Full-time

Key Skills

APQP
Six Sigma
GD&T
Root cause Analysis
CAD
Project Leadership
SolidWorks
Mechanical Engineering
Quality Management
Product Development
Catia
Manufacturing

Apply Now

About Company

Scalable GmbH

Scalable Capital is a leading FinTech in Europe, bringing people and technology-based investment together. The company was founded in 2014 and has offices in Munich, Berlin and London. For private individuals, Scalable Capital offers a broker with a trading flat rate and interest and ... View more

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click