Senior Security Engineer (Application Security)

Company: Trade Republic
Apply for the Senior Security Engineer (Application Security)
Location: London
Job Description:

Responsibilities

  • We have a bold mission to empower everyone to build wealth with easy, safe, and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state of the art technology to build a lasting, positive future for millions
  • As a Senior Security Engineer in our Application Security team, you’ll safeguard Trade Republic’s applications and development lifecycle through proactive security integration and engineering excellence
  • Partner with engineering teams to embed security into the software development lifecycle from design to deployment
  • Conduct security code reviews, threat modeling sessions, and architecture reviews for critical applications and services
  • Design and implement SAST, DAST, and SCA solutions to identify vulnerabilities early in the development process
  • Build and maintain application security testing automation within CI/CD pipelines
  • Develop secure coding standards, security libraries, and reusable security components for engineering teams
  • Perform penetration testing and vulnerability assessments of web applications, APIs, and mobile applications
  • Triage, prioritise, and remediate application vulnerabilities working closely with development teams
  • Create security champions program and provide security training to engineering teams
  • Research emerging application security threats and integrate defensive measures into the security architecture
  • Contribute to bug bounty program management and coordinate with external security researchers

Qualifications

  • 5+ years as a Security Engineer with 4+ years focused on application security
  • Excellent communication skills to translate security concepts for engineering audience
  • Strong programming skills in modern languages (Python, Java, Kotlin, Go, or JavaScript)
  • Knowledge of compliance frameworks (PCI-DSS, GDPR, MaRisk) is advantageous
  • Experience with mobile application security (iOS/Android)
  • Deep understanding of web application security (OWASP Top 10, API security, authentication/authorization)
  • Experience integrating security tooling into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins)
  • Solid understanding of cryptography, secure session management, and identity/access management
  • Expertise in secure architecture patterns for microservices, APIs, and distributed systems
  • Hands-on experience with security testing tools (Burp Suite, OWASP ZAP, Semgrep, etc.)
  • Hands-on experience with security testing of cryptocurrency/blockchain infrastructure and applications is a major bonus

#J-18808-Ljbffr…

Posted: July 5th, 2026