Software Security Engineer - Senior/Staff (F/m/x)

Software Security Engineer - Senior/Staff (F/m/x)

3.03.0 von 5 Sternen

Berlin

Hybrides Arbeiten

Link: (CompanyWebsite)

Mitarbeiteranzahl: 51 bis 200 (CompanyEmployee)

Branche: Energie- & Versorgungswirtschaft (CompanyIndustry)

Stellenbeschreibung

Anstellungsart

Vollzeit

Arbeitsort

Berlin

Leistungen

Aus der vollständigen Stellenbeschreibung

Firmenevents

Vollständige Stellenbeschreibung

Company Description

At Enpal, we are pursuing the dream of building the largest renewable community in Europe. How do we make that happen? Enpal finally simplifies providing solar energy: We rent out solar systems, electricity storage, and wall boxes at an all-inclusive rate, supplemented by a favorable green electricity tariff; all intelligently connected to form an integrated overall solution. True to the motto 'digital, decentralized, and 100% renewable', our heart beats both for the rapid development of a company and for combating the greatest challenge of our generation - climate change.

Job Description

As a Staff Application Security Engineer (f/m/d), you will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC). You will work closely with development, product, and DevOps teams to embed security practices, conduct threat modeling, and lead secure code reviews.

We offer speed, agility, and steep career growth. Our vision to make sustainable solar energy available to everyone can only come to live through our customer and product-oriented view, and the cooperation between software development, product management and lean, experiment-driven business development.

Join us to develop your professional skills, take part in the energy revolution, and let us take ownership of the sustainable change we want to see in the world together! We are looking forward to your application.

At Enpal, you would be

building secure solutions. We are serious about delivering incremental value in each iteration, and we celebrate when we improve peoples experience with our solution, make an impact towards our climate goals.

adopting Shift-Left and Zero-Trust approaches. We emphasize proactive and continuous security measures, helping us stay ahead of potential threats and ensuring robust protection of assets, applications and services.

developing application Security Program: Partner with software engineering and product teams to embed security across all stages of the SDLC (design, development, testing, deployment).

conducting Threat Modeling & Risk Assessment: Lead threat modeling sessions, drive secure design and code reviews, and perform application-level risk assessments.

establishing Security Training & Mentorship: Serve as a hands-on security advisor to developers by offering training, guidance, and support on secure software development practices and security champions development.

enforcing Secure Coding Standards: Define, maintain, and enforce secure coding standards, guidelines, and reusable security patterns across development teams.

Qualifications

you have minimum of 5 years of experience in application security, with a strong understanding of secure coding practices and application security vulnerabilities (e.g., OWASP Top 10, ASVS, MSVS)

you have hands-on experience embedding security throughout the entire software development lifecycle - from design and coding to integration and deployment

you have hands-on experience with threat modelling approaches STRIDE, PASTA, DREAD and supporting tools, like TMT, IriusRisk, etc.

you have proficiency in multiple programming languages, .Net is a plus.