At a Glance
- Tasks: Bridge the gap between Security and Engineering while securing applications and AI workflows.
- Company: Join a forward-thinking tech company focused on innovative security solutions.
- Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
- Other info: Dynamic team culture with a focus on continuous learning and development.
- Why this job: Make a real impact by ensuring secure coding practices and protecting user data.
- Qualifications: Experience in application security, cloud environments, and strong communication skills.
The predicted salary is between 60000 - 80000 € per year.
Requirements
- Pragmatism: You understand the difference between partnering with Engineering and security being a blocker of progress.
- Communication: You can translate a complex vulnerability into a business risk for a Product Manager and a technical fix for an Engineer.
- AppSec Subject Matter Expertise: You have a strong understanding of critical security risks in applications, are able to identify them in code, and provide recommendations on how to remediate.
- Cloud Native: Strong experience securing AWS/GCP environments and containerised workloads.
- AI ready: You understand the unique risks of AI and have experience securing AI-driven workflows.
What the job involves
- As our Cyber Security Engineer, you will be the bridge between Security and Engineering. You aren't here to block deployments; you’re here to ensure our code is resilient by design. You will empower our developers to ship fast without breaking the trust of our customers or regulators.
- Secure the Pipeline: Integrate and automate SAST, DAST, and SCA tooling directly into our CI/CD pipelines to catch vulnerabilities before they reach production.
- Harden the Product: Act as a Subject Matter Expert (SME) assisting engineers with the remediation of security vulnerabilities and bugs.
- Safeguard AI: Design and implement security guardrails for AI-assisted development and LLM integrations, ensuring data privacy and preventing prompt injection or model leakage.
- Threat Modelling: Partner with Product and Engineering teams to conduct threat modelling sessions for new features before they are built.
- Security Architecture: Act as a consultant for infrastructure and application design, ensuring our AWS/GCP Kubernetes environments remain hardened.
- Security Culture: Cultivate a Secure Development guild to level up our developers' secure coding skills.
Tech Stack
- Backend: Kotlin 1.7.20, AWS, GraphQL (it would be nice if you were familiar with this but it’s not a deal breaker), Postgres, RabbitMQ, Docker, Kubernetes.
- Frontend: React & React Native, TypeScript, MobX, Redux, Stylus and SASS.
- Other: We build our Kotlin projects using Gradle and GitHub Actions, deploying to production as soon as we finish a feature. We use JUnit Jupiter, Kotest and TestContainers for automated testing.
Application Security Engineer employer: Deepstreamtech
As an Application Security Engineer, you will thrive in a dynamic work environment that prioritises collaboration between security and engineering, ensuring that our code is robust and secure. We offer a culture of continuous learning and growth, with opportunities to enhance your skills in cutting-edge technologies like AI and cloud security. Join us to be part of a team that values innovation, empowers developers, and fosters a strong security mindset, all while working in a vibrant location that supports a healthy work-life balance.
StudySmarter Expert Advice🤫
We think this is how you could land Application Security Engineer
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to application security. This gives potential employers a taste of what you can do and how you think.
✨Tip Number 3
Prepare for interviews by brushing up on common AppSec scenarios and challenges. Be ready to discuss how you would secure CI/CD pipelines or handle vulnerabilities in cloud environments like AWS or GCP.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search.
We think you need these skills to ace Application Security Engineer
Some tips for your application 🫡
Show Your Pragmatism:When writing your application, make sure to highlight how you balance security with engineering needs. We want to see that you understand the importance of not being a blocker but rather a partner in progress.
Communicate Clearly:Use straightforward language to explain your experience with vulnerabilities. We love candidates who can translate complex issues into relatable risks for both technical and non-technical folks. Make it easy for us to see your communication skills!
Demonstrate Your Expertise:Don’t hold back on showcasing your AppSec knowledge! Share specific examples of how you've identified and remediated security risks in applications. We’re looking for someone who knows their stuff and can back it up.
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates from our team!
How to prepare for a job interview at Deepstreamtech
✨Know Your Stuff
Make sure you brush up on your AppSec knowledge, especially around critical security risks in applications. Be ready to discuss how you identify vulnerabilities in code and provide actionable remediation strategies. This will show that you’re not just familiar with the theory but can apply it practically.
✨Speak Their Language
Practice translating complex security concepts into business risks for non-technical stakeholders. You might be asked to explain a vulnerability to a Product Manager, so being able to communicate effectively across teams is key. Use examples from your past experiences to illustrate your points.
✨Showcase Your Cloud Skills
Since the role involves securing AWS/GCP environments, be prepared to discuss your experience with these platforms. Highlight any specific projects where you’ve implemented security measures in cloud-native applications or containerised workloads. This will demonstrate your hands-on expertise.
✨Emphasise Collaboration
This position is all about bridging the gap between Security and Engineering. Share examples of how you've successfully partnered with development teams in the past to enhance security without hindering progress. Show that you understand the importance of collaboration in achieving security goals.
