Job
- Level
- Erfahren
- Job Feld
- Web, IT, Full Stack, Security
- Anstellung
- Vollzeit
- Vertragsart
- Unbefristetes Dienstverhältnis
- Ort
- Aachen
- Arbeitsmodell
- Hybrid, Onsite
Job Zusammenfassung
In dieser Rolle triagierst du CVEs und beseitigst Sicherheitslücken in Frontend- und Backend-Abhängigkeiten, während du die Code-Sicherheit durch Implementierung bewährter Lösungen verbesserst.
Job Technologien
Deine Rolle im Team
- Triage and remediate CVEs across frontend (pnpm/npm) and backend (Java/Maven) dependencies on a continuous basis.
- Perform root-cause analysis for security bugs across the full stack; implement well-tested fixes.
- Identify and harden vulnerable code paths: XSS, CSRF, injection attacks, secrets exposure, broken authentication, insecure direct object references.
- Extend GitLab scanning coverage to frontend build artefacts alongside existing backend pipeline.
- Review security-sensitive changes in collaboration with tech leads and other developers.
- Handle minor bugfixes across the full stack to maintain team velocity.
- Contribute to security incident post-mortems; document findings and mitigations.
Unsere Erwartungen an dich
Qualifikationen
- Practical understanding of web security fundamentals: XSS, CSRF, injection attacks, dependency vulnerabilities, broken authentication, secrets management.
- Ability to read CVE advisories and translate them into concrete code or dependency changes.
- Solid knowledge of container security: Docker image hardening, Kubernetes security contexts.
- Structured approach to problem-solving with a habit of documenting findings.
Erfahrung
- Solid experience with TypeScript/JavaScript and Java.
- Hands-on experience with Vue 3 or a comparable modern frontend framework; Vue 3 / Nuxt proficiency strongly preferred.
- Experience with Git workflows, GitLab CI/CD pipelines, and package managers (Maven and pnpm both in active use).
- Bonus: Vuetify component library experience, SAST/DAST tooling (Snyk, SonarQube, OWASP ZAP), Content Security Policy configuration or pnpm workspace experience.
Unser Angebot
- Great creative freedom and a variety of opportunities for further development in a very trusting and appreciative environment.
- The choice between different work models (office or hybrid) with flexible working hours, a working time account, overtime regulations and modern and ergonomically equipped workstations.
- State-of-the-art collaboration tools for efficient hybrid working (e. g.,Stackoverflow for Teams).
- A family-friendly and relaxed atmosphere where ideas are created together with the best colleagues on earth!
- Unlimited employment contracts, company pension plan, bonus payments, a future leadership program, development budgets and LinkedIn Learning, sports events, childcare support, cafeteria, health campaigns, bring your dogs to work, sufficient and free parking spaces, bicycle leasing, IT hardware leasing, tire changing service, company and sports events, team excursions and teamchallenges, parcel service, drinks, fresh fruit and vegetables, cookies and much more.
Benefits
Essen & Trinken
Work-Life-Integration
Gesundheit, Fitness & Fun
Themen mit denen du dich im Job beschäftigst
Job Standorte
Das ist dein Arbeitgeber
Aixigo Ag
Die API-basierte Wealth Management Plattform von aixigo ist die weltweit schnellste für Anlageberatung, Portfoliomanagement, Portfoliorisikomanagement, Portfolioanalyse und Portfolioüberwachung. Die Plattform liefert laufend richtungsweisende Innovationen und einen echten Mehrwert für die Kunden von aixigo und deren Spar- und Anlagekunden.
Description
- Gründungsjahr
- 1999
- Unternehmenstyp
- Digitale Agentur
- Arbeitsmodell
- Full Remote, Hybrid, Onsite
- Branche
- Internet, IT, Telekom
Full-Stack Security Developer
- Ort
- Aachen
- Arbeitsmodell
- Hybrid, Onsite
- Diversität
- Für alle Personen geeignet (m/w/d)
- Nur Englisch
- Nur Englisch erforderlich
