As an Application Security Architect, you will support the embedding of security into all phases of the Software Development Life Cycle (SDLC).
You will collaborate with development teams to implement secure coding practices, perform threat modeling, and ensure applications are resilient against potential security threats.
Key responsibilities include developing and implementing security architectures for applications, ensuring alignment with organizational security policies and compliance requirements.
You will conduct threat modeling exercises to identify potential security vulnerabilities and recommend mitigation strategies.
Performing in-depth code and design reviews and delivering actionable remediation guidance is also part of your role.
You will integrate security practices into the SDLC, including code reviews, static and dynamic analysis, and security testing.
You will work closely with cross-functional teams, including developers, QA, and operations, to ensure security is considered at every stage of application development.
You will develop and maintain application security standards, guidelines, and best practices.
Evaluating, implementing, and managing application security tools such as SAST, DAST, and IAST solutions will be part of your responsibilities.
Participating in incident response activities related to application security breaches, including root cause analysis and remediation planning, is required.
You will provide training and guidance to development teams on secure coding practices and emerging security threats.
Requirements:
A Bachelor's or Master's degree in Computer Science, Information Security, or a related field is required.
You must have a minimum of 5 years of experience in application security, software development, or related roles.
Proven experience with secure coding practices, security assessments, authentication/authorization design, cryptography, API protection, and integrating security into the SDLC is necessary.
A proven record of facilitating threat modeling and delivering risk-balanced solutions to engineering teams is essential.
Experience integrating and tuning security-testing tools in CI/CD workflows is required.
A strong understanding of application security frameworks and standards (e.g., OWASP ASVS, SAMM, NIST) is necessary.
Proficiency in programming languages such as Java, Kotlin, or Python is required.
Experience with cloud security principles and securing applications in cloud environments, particularly AWS, is necessary.
Clear and persuasive communication skills for both technical and non-technical audiences are essential.
The ability to work independently and manage multiple projects simultaneously is required.
Benefits:
You will be part of one of the fastest-growing and most visible Fintech startups in Europe, creating innovative services that have a substantial impact on the lives of customers.
The company offers an international, diverse, inclusive, and ever-growing team that is dedicated to creating the best products for clients.
You can work from centrally located offices in Munich or Berlin or choose to work remotely within Germany if eligible for the job.
The company provides the latest hardware and tools to enhance productivity.
You will have opportunities to learn and grow by joining in-house knowledge sharing sessions and utilizing your individual Education Budget.
Free German language classes are available to help you learn and experience German culture firsthand.
International relocation support is offered.
A flexible vacation policy and the opportunity to work from abroad are included.
You will benefit from an attractive compensation package and a company pension scheme.
A monthly contribution of 25% for the ‘Deutschland Jobticket’ is provided.
You will receive a complimentary subscription to Scalable Capital's PRIME+ Broker, eliminating order commissions.