Responsibilities
- We have a bold mission to empower everyone to build wealth with easy, safe, and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state of the art technology to build a lasting, positive future for millions
- As a Senior Security Engineer in our Application Security team, you’ll safeguard Trade Republic’s applications and development lifecycle through proactive security integration and engineering excellence
- Partner with engineering teams to embed security into the software development lifecycle from design to deployment
- Conduct security code reviews, threat modeling sessions, and architecture reviews for critical applications and services
- Design and implement SAST, DAST, and SCA solutions to identify vulnerabilities early in the development process
- Build and maintain application security testing automation within CI/CD pipelines
- Develop secure coding standards, security libraries, and reusable security components for engineering teams
- Perform penetration testing and vulnerability assessments of web applications, APIs, and mobile applications
- Triage, prioritise, and remediate application vulnerabilities working closely with development teams
- Create security champions program and provide security training to engineering teams
- Research emerging application security threats and integrate defensive measures into the security architecture
- Contribute to bug bounty program management and coordinate with external security researchers
Qualifications
- 5+ years as a Security Engineer with 4+ years focused on application security
- Excellent communication skills to translate security concepts for engineering audience
- Strong programming skills in modern languages (Python, Java, Kotlin, Go, or JavaScript)
- Knowledge of compliance frameworks (PCI-DSS, GDPR, MaRisk) is advantageous
- Experience with mobile application security (iOS/Android)
- Deep understanding of web application security (OWASP Top 10, API security, authentication/authorization)
- Experience integrating security tooling into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins)
- Solid understanding of cryptography, secure session management, and identity/access management
- Expertise in secure architecture patterns for microservices, APIs, and distributed systems
- Hands-on experience with security testing tools (Burp Suite, OWASP ZAP, Semgrep, etc.)
- Hands-on experience with security testing of cryptocurrency/blockchain infrastructure and applications is a major bonus
#J-18808-Ljbffr…
