As an application security engineer, you are a part of a distributed international application security team which provides security consulting to development teams during the full product development lifecycle. You work with teams developing and operating products of brands WEB.DE, GMX and mail.com. In particular, your tasks are:
Identify and report security issues in our products in various lifecycle stages using black-box and white-box approaches.
Evangelize security topics and introduce new innovative methods with the objective to increase the security awareness of the development teams and the security level of the products.
Continuous improvement of security competencies (e.g. penetration testing, threat modeling, code review...) and introducing new ones according to company's needs.
Improving and optimizing our secure software development processes.
Participating in security incident management and security incident response.
The prerequisite for this demanding position is a university degree in software engineering, security or similar area. Besides that, we expect:
Extensive experience with black-box (ethical hacking, penetration testing) and white-box (code reviews, architecture reviews) security assessments of web applications and architectures.
Experience with agile development environments.
Customer and result oriented mindset.
Excellent English and German verbal and written skills.
Reference ID: MU-DaKe-1809047
Application Security Engineer (f/m) - for our brands GMX and WEB.DE at 1&1 (München, Deutschland)
Stack Overflow · 05.12.2018