Logo SolarisBank

Cyber Security Staff Engineer

New

Job

  • Level
    Senior
  • Job Field
    IT, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Salary
    85.000 to 110.000€ Gross/Year
  • Location
    Berlin
  • Working Model
    Onsite
  • Job Summary

    In this role, you integrate security into the SDLC and DevSecOps, conduct threat modeling, manage vulnerabilities, and train developers in secure coding practices.

    Job Technologies

    Your role in the team

    • Integrate security seamlessly into the Software Development Lifecycle (SDLC) and DevSecOps pipelines by automating security gates (SAST, DAST, SCA, and container scanning).
    • Conduct thorough threat modeling and architectural security reviews for complex applications, APIs, and microservices prior to deployment.
    • Perform deep-dive manual and automated secure code reviews across various codebases to identify logic flaws and subtle implementation vulnerabilities.
    • Build and maintain 'secure-by-default' internal libraries, frameworks, and developer tools to systematically eliminate entire classes of vulnerabilities.
    • Take ownership of the application vulnerability lifecycle, including triaging, validating, and prioritizing vulnerabilities originating from internal testing, penetration tests, and external bug bounty programs.
    • Act as a strategic partner to product and engineering teams, providing pragmatic mitigation guidance that balances product velocity with security assurance.
    • Design and deliver modern, hands-on secure coding training and security awareness initiatives for engineering teams (e.g., addressing OWASP Top 10, LLM/AI security risks).
    • Support incident response and detection teams during application-level security incidents or potential data breaches, leading post-mortem analysis for software flaws.
    • Ensure application security controls remain fully compliant with relevant financial data protection regulations, fintech standards, and internal tech policies.
    • Owners of this function ensure that they adhere to the defined Policies & Procedures for the institution (which include explicit processes defined for Tech, properly documented in the respective Confluence spaces).
    • Übernehmen Sie die Verantwortung für die technischen Aufgaben, wie in unseren Change Management Policies beschrieben.

    This text has been machine translated. Show original

    Our expectations of you

    Education

    • A degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or equivalent professional experience.

    Qualifications

    • Deep understanding of web application vulnerabilities, API security, and exploitation techniques (OWASP Top 10, CWE).
    • Understands agile workflows and lean principles.
    • Individual Contributor, focus on technical mentorship.
    • Business proficient written and spoken English. German is a plus.
    • Ability to translate complex cryptographic or technical security vulnerabilities into business risk for non-technical stakeholders and actionable fixes for developers.
    • Empathic collaborator who builds bridges between security goals and engineering targets, avoiding the 'department of No' stereotype.
    • Strong analytical mindset capable of finding creative ways to secure cutting-edge application architectures.
    • Ability to thrive in a fast-paced environment and adapt security strategies to evolving product frameworks.
    • Proaktiver Kollege, der das Wachstum des Teams fördert.
    • Curious, constant learner that is willing to share learning with others

    Experience

    • 6+ years of experience in dedicated Application Security, DevSecOps, or Software Engineering roles with a strong focus on security in high-growth cloud environments (Fintech or highly regulated environment is a plus).
    • Proven experience analyzing and securing code written in our core tech stack/modern languages (e.g., Java, Go, Python, TypeScript, or Rust).
    • Hands-on experience integrating security testing tools into modern CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Snyk, Semgrep).
    • Experience with cloud computing infrastructure (AWS, GCP, or Azure), containerization (Docker), and orchestration (Kubernetes).
    • Experience managing or triaging external penetration testing reports and crowdsourced bug bounty programs.
    • Experience by doing threat modeling.

    This text has been machine translated. Show original

    What we offer

    • Home office budget.
    • Learning & development budget of €1000 per year and a transparent growth framework to support your career goals.
    • Competitive salary and a variable remuneration program.
    • Monthly meal allowance.
    • Germany ticket subsidy.
    • 28 vacation days, increasing by 2 days after 2 years and 3 days after 3 years with Solaris.
    • Opportunity to work abroad for up to 12 weeks per year.

    This text has been machine translated. Show original

    Benefits

    Work-Life-Integration

    Topics that you deal with on the job

    Job Locations

    • Location Berlin

      Germany

    This is your employer

    SolarisBank

    SolarisBank

    We are leveraging the power of Banking-as-a-Service to remove the barriers for companies to offer their own financial products. Our proprietary Banking-as-a-Service platform enables any business to integrate financial services into new contexts that were previously unimaginable.

    Description

  • Company Type
    Established Company
  • Working Model
    Hybrid, Onsite
  • Industry
    Banking, Finance, Insurance
  • Logo SolarisBank

    Cyber Security Staff Engineer

    Salary
    85.000 to 110.000€ Gross/Year
    Location
    Berlin
    Working Model
    Onsite
    Diversity
    Open for all genders

    More Jobs