Application Security Engineer (m/w/d)

We are looking for a (Senior) Application Security Engineer to strengthen the security of our software products in a hybrid on-premise and SaaS environment. In this role, you will contribute through deep technical expertise and hands-on involvement in the analysis, design, and improvement of application security across our product landscape.

You will work closely with software development and architecture teams, directly engaging with source code, systems, and technical designs to identify and mitigate security risks. The position emphasizes technical contribution, secure engineering practices, and continuous improvement of security standards within the organization.

Your responsibilities include performing security reviews and tests, advising on secure design decisions, and actively supporting security awareness in day-to-day engineering work.

Key Responsibilities

• Identify security vulnerabilities through code reviews, dynamic testing, and penetration testing
• Analyze and explain security risks in complex software systems and propose practical, organization-ready solutions
• Work hands-on with an evolving legacy product in a hybrid on-premise and cloud setup
• Advise development teams on secure coding practices and architectural security aspects
• Support compliance with relevant security standards and regulations
• Use and maintain common security tools for analysis and testing
• Train software developers in secure coding and foster security awareness within engineering teams
• Stay up to date with modern security topics, including AI-assisted development and security tooling

• Solid experience in software development
• Proven experience in identifying security issues via code review and dynamic testing (e.g. penetration tests)
• Excellent professional communication skills, with the ability to explain complex security topics clearly and concisely
• High level of independence and structured working style in a complex corporate environment
   (understanding the task, identifying stakeholders, preparing solutions that fit the organization)
• Good understanding of common security flaws and mitigation strategies (e.g. OWASP Top 10)
• Knowledge of security standards and regulations such as GDPR, NIST, and OWASP ASVS
• Practical experience with object-oriented and scripting languages such as Java, C#, JavaScript, Python, and Bash
• Understanding of network and web protocols (TCP/IP, HTTP/1–3, HTTPS, TLS)
• Solid grasp of SaaS security fundamentals (databases, web APIs, containerization)
• Hands-on experience with security tools such as static analysis tools, Burp Suite, OWASP ZAP, NMAP, Wireshark, SonarQube, Kali or Parrot Linux
• Understanding of modern cryptography concepts including encryption, authentication, key management, and hashing
• Willingness to work with and responsibly use LLM-based code generation and generative AI tools in daily work

• Experience in designing or using multi-agent AI systems for software development
• Experience in applying multi-agent AI systems for security analysis or threat modeling
• Relevant certifications such as OSWE, CISSP, CEH, or comparable credentials

• A diverse working environment where you can contribute your expertise long term
• Targeted professional and personal development opportunities, supported by training and mentoring
• Flat hierarchies and an open, collaborative company culture
• Flexible, trust-based working hours with mobile office options and an attractive compensation package
• Additional benefits such as MultiSport and Luxmed