Security Engineer

Join a team that's building the core digital infrastructure for a leading German health-tech platform. Our client pioneered the country's first digital sick note and has since become a trusted provider of digital care services.

• Experience with app and/or cloud security in real systems
• Comfortable with Kubernetes and GCP
• Knowledge of API security including OWASP API & Mobile Top 10
• Experience securing Node.js / TypeScript backends
• Ability to work independently and take ownership

Nice to have:

• Certifications: CISSP, CKS, CCSP, OSCP

• Conduct practical penetration tests (Node.js/TypeScript, API, iOS/Android) using tools such as Burp Suite
• Identify and remediate vulnerabilities (e.g., authorization bypass, injection, deserialization flaws)
• Define and implement secure API standards (JWT/OAuth, TLS/mTLS, validation, rate limiting, CORS)
• Harden infrastructure (Kubernetes/GCP, Postgres, Redis/BullMQ) and secure mobile applications
• Create and continuously improve Secure SDLC practices (threat modeling, code reviews, SAST/DAST in CI/CD)
• Implement automated monitoring (eBPF, Falco) and support incident response
• Collaborate on GDPR, ISO 27001, and SOC 2 initiatives
• Write clean, testable code that's easy to understand and maintain across products