Senior Application & Infrastructure Security Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application & Infrastructure Security Engineer in Germany.

In this role, you will take full ownership of securing a modern, high-traffic digital platform across its entire technology stack—from cloud infrastructure to application layers. You will operate in a fast-paced, high-growth environment where security is a core pillar of product reliability and user trust. Working closely with engineering, DevOps, and product teams, you will proactively identify risks, design robust defenses, and respond to emerging threats. This is a hands-on, high-impact role that combines strategic oversight with deep technical execution. You will also contribute to building a strong security culture while shaping scalable practices in a dynamic and evolving ecosystem.

• Own and continuously improve the end-to-end security posture across infrastructure, APIs, and applications
• Identify, assess, and remediate vulnerabilities across frontend, backend, and cloud environments
• Design and enforce security controls, including WAF configurations, bot mitigation, and rate-limiting strategies
• Harden cloud infrastructure by implementing best practices in access control, network security, and system configuration
• Lead threat modeling sessions for new features to proactively identify and mitigate risks
• Monitor, investigate, and respond to security incidents, ensuring timely resolution and root-cause analysis
• Conduct penetration testing and vulnerability assessments, prioritizing remediation based on business impact
• Define and enforce HTTP security policies and standards across systems
• Develop and maintain incident response playbooks, including DDoS mitigation strategies
• Collaborate with engineering teams to embed secure coding practices and review sensitive code changes
• Manage vulnerability disclosure processes and external security reports
• Produce clear security documentation, reports, and risk assessments for stakeholders

Requirements:

• 8+ years of experience in application, infrastructure, or web security roles
• Deep knowledge of common security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques
• Strong experience with cloud security, particularly in AWS environments (IAM, VPC, monitoring tools, etc.)
• Expertise in web application security, including API protection, authentication mechanisms, and frontend/backend risks
• Hands-on experience with security tools such as Burp Suite, OWASP ZAP, or similar
• Proven ability to detect and mitigate DDoS and other large-scale attack vectors
• Experience with SIEM systems, log analysis, and incident response workflows
• Knowledge of security frameworks and compliance standards (e.g., ISO 27001, SOC 2, GDPR)
• Familiarity with integrating security testing into CI/CD pipelines (SAST, DAST, SCA)
• Strong communication skills, with the ability to explain technical risks to non-technical stakeholders
• Detail-oriented mindset with strong analytical and problem-solving skills

Benefits:

• Competitive salary package aligned with experience and expertise
• Fully remote work environment with flexible working hours
• Opportunity to work on a high-scale, innovative platform with real-world impact
• Collaborative and fast-moving team culture
• Professional growth opportunities and exposure to advanced security challenges
• Inclusive and diverse workplace environment