Logo SolarisBank

Cyber Security Staff Engineer

Neu

Job

  • Level
    Senior
  • Job Feld
    IT, Security
  • Anstellung
    Vollzeit
  • Vertragsart
    Unbefristetes Dienstverhältnis
  • Gehalt
    85.000 bis 110.000€ Brutto/Jahr
  • Ort
    Berlin
  • Arbeitsmodell
    Onsite
  • Job Zusammenfassung

    In diesem Job integrierst du Sicherheitsmaßnahmen in den SDLC und DevSecOps, führst Bedrohungsanalysen durch, managst Schwachstellen und schulst Entwickler zu sicherem Programmieren.

    Job Technologien

    Deine Rolle im Team

    • Integrate security seamlessly into the Software Development Lifecycle (SDLC) and DevSecOps pipelines by automating security gates (SAST, DAST, SCA, and container scanning).
    • Conduct thorough threat modeling and architectural security reviews for complex applications, APIs, and microservices prior to deployment.
    • Perform deep-dive manual and automated secure code reviews across various codebases to identify logic flaws and subtle implementation vulnerabilities.
    • Build and maintain 'secure-by-default' internal libraries, frameworks, and developer tools to systematically eliminate entire classes of vulnerabilities.
    • Take ownership of the application vulnerability lifecycle, including triaging, validating, and prioritizing vulnerabilities originating from internal testing, penetration tests, and external bug bounty programs.
    • Act as a strategic partner to product and engineering teams, providing pragmatic mitigation guidance that balances product velocity with security assurance.
    • Design and deliver modern, hands-on secure coding training and security awareness initiatives for engineering teams (e.g., addressing OWASP Top 10, LLM/AI security risks).
    • Support incident response and detection teams during application-level security incidents or potential data breaches, leading post-mortem analysis for software flaws.
    • Ensure application security controls remain fully compliant with relevant financial data protection regulations, fintech standards, and internal tech policies.
    • Owners of this function make sure that they follow the defined Policies & Procedures for the institution (which includes explicit processes defined for Tech, which are properly defined in the respective confluence spaces).
    • Take ownership of the tech responsibilities as described in our Change Management Policies.

    Unsere Erwartungen an dich

    Ausbildung

    • A degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or equivalent professional experience.

    Qualifikationen

    • Deep understanding of web application vulnerabilities, API security, and exploitation techniques (OWASP Top 10, CWE).
    • Understands agile workflows and lean principles.
    • Individual Contributor, technical mentorship focus.
    • Business proficient written and spoken English. German is a plus.
    • Ability to translate complex cryptographic or technical security vulnerabilities into business risk for non-technical stakeholders and actionable fixes for developers.
    • Empathic collaborator who builds bridges between security goals and engineering targets, avoiding the 'department of No' stereotype.
    • Strong analytical mindset capable of finding creative ways to secure cutting-edge application architectures.
    • Ability to thrive in a fast-paced environment and adapt security strategies to evolving product frameworks.
    • Proactive peer that helps the growth of the team.
    • Curious, constant learner that is willing to share learning with others

    Erfahrung

    • 6+ years of experience in dedicated Application Security, DevSecOps, or Software Engineering roles with a strong focus on security in high-growth cloud environments (Fintech or highly regulated environment is a plus).
    • Proven experience analyzing and securing code written in our core tech stack/modern languages (e.g., Java, Go, Python, TypeScript, or Rust).
    • Hands-on experience integrating security testing tools into modern CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Snyk, Semgrep).
    • Experience with cloud computing infrastructure (AWS, GCP, or Azure), containerization (Docker), and orchestration (Kubernetes).
    • Experience managing or triaging external penetration testing reports and crowdsourced bug bounty programs.
    • Experience by doing threat modeling.

    Unser Angebot

    • Home office budget.
    • Learning & development budget of €1000 per year and a transparent growth framework to support your career goals.
    • Competitive salary and a variable remuneration program.
    • Monthly meal allowance.
    • Deutschland ticket subsidy.
    • 28 vacation days, increasing by 2 days after 2 years and 3 days after 3 years with Solaris.
    • Opportunity to work abroad for up to 12 weeks per year.

    Benefits

    Work-Life-Integration

    Themen mit denen du dich im Job beschäftigst

    Job Standorte

    • Standort Berlin

      Deutschland

    Das ist dein Arbeitgeber

    SolarisBank

    SolarisBank

    Wir nutzen die Möglichkeiten von Banking-as-a-Service, um die Hürden für Unternehmen zu beseitigen, die eigene Finanzprodukte anbieten wollen. Unsere proprietäre Banking-as-a-Service-Plattform ermöglicht es jedem Unternehmen, Finanzdienstleistungen in neue Kontexte zu integrieren, die vorher unvorstellbar waren.

    Description

  • Unternehmenstyp
    Etablierte Firma
  • Arbeitsmodell
    Hybrid, Onsite
  • Branche
    Banken, Finanz, Versicherung
  • Logo SolarisBank

    Cyber Security Staff Engineer

    Gehalt
    85.000 bis 110.000€ Brutto/Jahr
    Ort
    Berlin
    Arbeitsmodell
    Onsite
    Diversität
    Für alle Personen geeignet (m/w/d)

    Weitere Jobs