Senior Security Engineer (m/f/d)
Posted on Jan 8, 2020 by Raisin
Expires at: 2020-02-19
We are a dynamic, fast-growing fintech company based in Berlin with a mission to break down barriers to better saving across Europe. Our platforms give customers simple, transparent access to the Raisin deposits marketplace, where our partner banks from all over Europe offer an ever-growing range of competitive savings products. In Germany, we also broker cost-effective investment portfolios and pension products. Raisin has raised more than €195 million in funding from renowned investors including Goldman Sachs, PayPal Ventures, Index Ventures, btov Ventures, Ribbit Capital, Orange Digital Ventures and Thrive Capital. We have also been featured on the FinTech50 - the list of Europe's top 50 fintechs - every year since 2016, ranking in the top 5 in 2018 and 2019.
- Manage Security Engineering for Raisin products and applications (Web and Mobile)
- Assist in developing and implementing Secure Software Development Lifecycle (SSDLC) practices
- Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
- Perform security tasks including (but not limited to) threat-modelling, secure code analysis, training, static, dynamic and interactive analysis, fuzz testing, automated and manual security testing
- Innovate the automation of SSDLC tasks
- Engage with third-party security consultants for independent security assessments
- Perform red teaming and penetration testing of the product and Infrastructure
- 3+ years of performing Web Application Security
- 2+ years of developing commercial products (experience in Java preferred)
- Understanding of network protocols and architectures such as TCP/IP, UDP, IPv6, IPSEC, TLS, HTTP/S, routing protocols
- Exceptional problem-solving skills, curious about the inner workings of systems and show attention to details
- Excellent written and oral communication skills
- Technical ability: Ability to develop technical solutions and use existing tools to help discover and mitigate security vulnerabilities. Ability to code/script in at least one programming language like Python, Java, C++.
- Excellent knowledge of pen testing tools and procedures for Web and mobile apps
- Flair for automation: Should be passionate about automating security testing and penetration testing using tools and code
- Architecture skills: Passion for system architecture with a primary focus on security aspects
- Security knowledge: Fundamental understanding of security best practices. Review security vulnerabilities and determine what modifications are needed to minimize risk to the organization via enhancements to the existing environment.
- Communication: Excellent ability to communicate technical solutions. Assist in developing test plans, test the products, make recommendations and assist in developing the architecture and implementation plan for approved solutions.
- Data Driven: Develop and maintain a comprehensive set of security benchmarks and guidelines that are readily adoptable by system administrators and software engineers.
- A Bachelors/Master's in Computer Science, Mathematics or an equivalent quantitative discipline.
- Relocation and visa support as well as a relocation reimbursement
- Personal training budget of 1,700 € and four full training days
- Free choice of hardware
- Beginner German classes directly at the office and financial support for acquiring a language certificate
- Hungry all the time? Breakfast, snacks, daily fresh fruit as well as drinks are provided
- Flexible working hours, home office and 28 vacation days
- Enjoy more than 50+ different sports with Urban Sports Club: We subsidize your membership with more than 20 € per month
- We offer you a company pension scheme (Betriebliche Altersvorsorge), which we support with 20 %
Set up alerts to get notified of new vacancies.