Senior/Staff Application Security Engineer (f/m/d)

Company Description

At Enpal, we are pursuing the dream of building the largest renewable community in Europe. How do we make that happen? Enpal finally simplifies providing solar energy: We rent out solar systems, electricity storage, and wall boxes at an all-inclusive rate, supplemented by a favorable green electricity tariff; all intelligently connected to form an integrated overall solution. True to the motto "digital, decentralized, and 100% renewable", our heart beats both for the rapid development of a company and for combating the greatest challenge of our generation - climate change.

Job Description

As a Senior/Staff Application Security Engineer (f/m/d), you will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC). You will work closely with development, product, and DevOps teams to embed security practices, conduct threat modeling, and lead secure code reviews.

We offer speed, agility, and steep career growth. Our vision to make sustainable solar energy available to everyone can only come to live through our customer and product-oriented view, and the cooperation between software development, product management and lean, experiment-driven business development.

Join us to develop your professional skills, take part in the energy revolution, and let us take ownership of the sustainable change we want to see in the world together! We are looking forward to your application.

At Enpal, you would be

· building secure solutions. We are serious about delivering incremental value in each iteration, and we celebrate when we improve people's experience with our solution, make an impact towards our climate goals.

· adopting Shift-Left and Zero-Trust approaches. We emphasize proactive and continuous security measures, helping us stay ahead of potential threats and ensuring robust protection of assets, applications and services.

· developing application Security Program: Partner with software engineering and product teams to embed security across all stages of the SDLC (design, development, testing, deployment).

· conducting Threat Modeling & Risk Assessment: Lead threat modeling sessions, drive secure design and code reviews, and perform application-level risk assessments.

· establishing Security Training & Mentorship: Serve as a hands-on security advisor to developers by offering training, guidance, and support on secure software development practices and security champions development.

· enforcing Secure Coding Standards: Define, maintain, and enforce secure coding standards, guidelines, and reusable security patterns across development teams.

Qualifications

We are looking for roughly a 50% fit with for what we ask. The other 50% is a surprise to us, it is the magic you bring to the table and the diversity in which you make us grow.

· you have minimum of 5 years of experience in application security, with a strong understanding of secure coding practices and application security vulnerabilities (e.g., OWASP Top 10, ASVS, MSVS)

· you have hands-on experience embedding security throughout the entire software development lifecycle - from design and coding to integration and deployment

· you have hands-on experience with threat modelling approaches STRIDE, PASTA, DREAD and supporting tools, like TMT, IriusRisk, etc.

· you have proficiency in multiple programming languages, .Net is a plus.

· you have knowledge of cloud computing platforms; Azure is a plus.

· you have experience with security tooling and automation across domains like SAST, SCA, DAST.

· you have experience identifying and addressing security flaws in APIs and applications, with a solid understanding of OWASP principles

· you have relevant certifications, CSSLP, OSCP, OSWA are plus.

· you communicate clearly in English, spoken and written. Crisp and concise ways of formulating your ideas and opinions. Knowledge of German is a plus.

· you are inspired by the energy transition and want to make a difference. We are one of the biggest players in the solar business and want to make this change with you.

· you want to participate in a company where empowerment and initiative is valued. We are looking for people who want to grow their personal skills and knowledge, take responsibility, steer and influence for what they feel is right.

· agile and lean values are embodied by you. People over processes. Code over documentation. Reducing waste by building minimum viable products first, testing it with real users, growing and maintaining solutions as requirements evolve.

Additional Information

• Work in Germany's first green unicorn and actively shape the solar energy revolution. 

• The sun shines all over the world - at Enpal you will find a highly motivated and diverse team with more than 65 different nationalities. 

• Would you rather keep your pet company at home or your colleagues at the office? Even after the pandemic, we offer you a hybrid working model 

• We fulfill every start-up cliché - in our modern office in Berlin-Friedrichshain, you'll find everything your heart desires, from a ping-pong table and yoga corner to a roof terrace and stocked drinks fridges. 

• Your kick-start at Enpal - Get to know the company, your team colleagues and our founder Mario on your onboarding day. 

• Stay up to date - Whether it's company figures at our monthly all-hands meetings or how a photovoltaic system works at the Lunch & Learn, you'll always know exactly what's going on. 

• Energy transition only works together - At Enpal, you can expect a legendary team spirit and unforgettable team events. 

• No mistakes, no progress - We live a strong feedback culture and grow with your input, either personally or anonymously via our feedback tool Culture Amp.