Application Security Engineer, Senior (m/f/d)
Berlin, Germany
Affinidi
The concept of "Holistic Identity" houses the entire spectrum of discovering, collecting, sharing, storing, and even monetising personal data in the digital realm.About the Company
Affinidi is a technology company dedicated to changing data ownership for good. We empower businesses and individuals with control and ownership of their data, with a comprehensive approach to managing their holistic identity – accounting for all aspects of their digital footprint while ensuring privacy and security.
Affinidi’s technology enables users to benefit from decentralised digital identity solutions. We believe that everyone has the right to own and control their data, and we are committed to creating a trusted digital credentials ecosystem that empowers businesses and individuals to securely exchange data and services across borders and industries.
About the role:
We’re on a search for an Senior Application Security Engineer (m/f/d) to join our Security Team.
In this role, you'll be responsible for steering the security strategy across Affinidi's various workstreams and products. This includes conducting security assessments, leading application security reviews, and overseeing threat modeling. Your technical leadership will be crucial in ensuring the successful development of a scalable and resilient holistic identity system. The position is based in Berlin.
Our work culture at Affinidi is shaped by the following tenets:
- We are unapologetically customer-focused
- We invest in cultures and teams to enable high performance
- We embrace experimentation and build fast
- We have the courage to be misunderstood
- We work together to unlock data
What’s in it for you:
- Driving security strategy across all the workstreams and products the teams are working on
- Providing security assessments of Affinidi platform, that includes a lot of backend services, web, mobile and desktop applications
- Providing technical leadership and subject matter expertise as a security expert to our teams
- Executing and technically leading application security reviews and threat modelling, including code review and dynamic testing
- Enabling and enhancing automated security testing at scale for our entire platform to identify and proactively resolve vulnerabilities
- Creating and delivering comprehensive training programs to enhance the organization's security posture, including the ability to create and foster a strong security culture among different teams and stakeholders
- Designing, architecting, developing, and deploying tooling that helps ship secure code faster
- Driving security issues through the incident response process to ensure risks and compliances are managed
- Working in an exciting startup environment where you can be autonomous and try new things
- Providing leadership and mentorship to engineers to ensure the successful delivery of a scalable and resilient holistic identity system.
- Bring 5+ years of experience in application security, with hands-on expertise in threat modeling, code review, and penetration testing;
- Possess strong development skills, enjoy writing and deploying code, and have a passion for achieving security excellence;
- Have experience and a keen interest in integrating and maintaining secure practices and pipelines through DevSecOps;
- Hold significant experience in Security, Software Engineering, and Secure Architecture design;
- Demonstrate deep expertise in cloud computing and native environments, especially AWS;
- Have a solid understanding of design patterns, with practical experience in developing and deploying microservices in the cloud;
- Are proactive and hands-on, with a talent for tackling technical challenges and delivering impactful, high-quality solutions.
- 1–2 years of hands-on experience in software development
- Experience with bug bounty programs, showcasing a strong understanding of vulnerability discovery and reporting
- Published security write-ups demonstrating expertise in identifying and explaining security vulnerabilities
- Knowledge of applied cryptography and secure coding practices
- Experience with decentralized storage solutions and related technologies
- Familiarity with implementing data privacy and data security solutions on blockchain and distributed storage platforms for both individuals and organizations
Our Stack is:
- Javascript/Typescript/Node.js/Python/Rust/React
- Gitlab
- AWS
- IOS/Android/Flutter
- MacOS/Windows
What can you expect from us:
- Hybrid working model
- Flexible working hours
- Unlimited vacation policy
- Competitive compensation package
- Work within international environment
- Learning Budget
- Mobile Allowance
- Home Office Allowance
- Urban Sport Membership
Sounds like you? Apply now!
#LI-AB1
Equal Opportunity
We believe in hiring different and diverse talent and providing a safe space where everyone can share their views without fear, where differences are celebrated, and where no one is left out. Inclusive cultures are the foundation for collaboration and innovation within our team.
For information about the way Affinidi collects, uses, and discloses your personal data when you submit an application for employment, please refer to the Privacy Notice accessible at https://www.affinidi.com/candidate-privacy-notice. By applying for employment with Affinidi, you acknowledge having read and understood the Privacy Notice, and you consent to the collection, use and disclosure of your personal data submitted to Affinidi in accordance with the Privacy Notice.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Android Application security AWS Blockchain Cloud Cryptography DevSecOps GitLab Incident response iOS JavaScript MacOS Microservices Node.js Pentesting Privacy Python Rust Security assessment Security strategy Strategy TypeScript Vulnerabilities Windows
Perks/benefits: Career development Competitive pay Flex hours Flex vacation Salary bonus Startup environment Unlimited paid time off
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.