
Senior Application & Infrastructure Security Engineer
Jobgether, New Bremen, OH, United States
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application & Infrastructure Security Engineer in Germany.
In this role, you will take full ownership of securing a modern, high-traffic digital platform across its entire technology stack—from cloud infrastructure to application layers. You will operate in a fast-paced, high-growth environment where security is a core pillar of product reliability and user trust. Working closely with engineering, DevOps, and product teams, you will proactively identify risks, design robust defenses, and respond to emerging threats. This is a hands‑on, high-impact role that combines strategic oversight with deep technical execution. You will also contribute to building a strong security culture while shaping scalable practices in a dynamic and evolving ecosystem.
Accountabilities
Own and continuously improve the end-to-end security posture across infrastructure, APIs, and applications
Identify, assess, and remediate vulnerabilities across frontend, backend, and cloud environments
Design and enforce security controls, including WAF configurations, bot mitigation, and rate-limiting strategies
Harden cloud infrastructure by implementing best practices in access control, network security, and system configuration
Lead threat modeling sessions for new features to proactively identify and mitigate risks
Monitor, investigate, and respond to security incidents, ensuring timely resolution and root‑cause analysis
Conduct penetration testing and vulnerability assessments, prioritizing remediation based on business impact
Define and enforce HTTP security policies and standards across systems
Develop and maintain incident response playbooks, including DDoS mitigation strategies
Collaborate with engineering teams to embed secure coding practices and review sensitive code changes
Manage vulnerability disclosure processes and external security reports
Produce clear security documentation, reports, and risk assessments for stakeholders
Requirements
8+ years of experience in application, infrastructure, or web security roles
Deep knowledge of common security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques
Strong experience with cloud security, particularly in AWS environments (IAM, VPC, monitoring tools, etc.)
Expertise in web application security, including API protection, authentication mechanisms, and frontend/backend risks
Hands‑on experience with security tools such as Burp Suite, OWASP ZAP, or similar
Proven ability to detect and mitigate DDoS and other large‑scale attack vectors
Experience with SIEM systems, log analysis, and incident response workflows
Knowledge of security frameworks and compliance standards (e.g., ISO 27001, SOC 2, GDPR)
Familiarity with integrating security testing into CI/CD pipelines (SAST, DAST, SCA)
Strong communication skills, with the ability to explain technical risks to non‑technical stakeholders
Detail‑oriented mindset with strong analytical and problem‑solving skills
Benefits
Competitive salary package aligned with experience and expertise
Fully remote work environment with flexible working hours
Opportunity to work on a high‑scale, innovative platform with real‑world impact
Collaborative and fast‑moving team culture
Professional growth opportunities and exposure to advanced security challenges
Inclusive and diverse workplace environment