Senior Security Engineer - AppSec [IT AND SECURITY]
HelloFresh
Senior Security Engineer - AppSec [IT AND SECURITY]
Job Description
The role
We’re looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name - someone with a passion for security and appetite for new challenges. Security Engineers work in a variety of ways to constantly iterate and improve HelloFresh’s security posture.
You will be part of the squad responsible for maintaining and improving HelloFresh’s Vulnerability Management Program which provides umbrella coverage to Pentest, Red Teaming, Cloud Assessment, Source Code Review, use of vulnerable dependencies, Supply Chain Audits and Bug Bounty program.
What you’ll do
- Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Use formal project management skills in planning, tracking, and reporting to close the remediation loop
- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
- Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program
What you’ll bring
- 4-7 years' experience demonstrating above average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering
- Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws
- Proven proficiency in one modern scripting language like Python or Go
- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification
- Participation in web hacking challenges, competitions or bug bounties
- Development of tools or plugins used to conduct security testing and analysis
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Source code review for control flow and security flaws
- Strong knowledge of tools used for cloud, wireless, web application, and network security testing
What we offer
Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.
- Immerse yourself in a diverse global community of 90+ nationalities.
- Enjoy a competitive compensation package that goes beyond the norm, with perks like a HelloFresh- subsidized Pension Scheme, Berlin relocation support, and a Hybrid working model.
- Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box and office meals.
- Invest in your growth with a German language learning budget, and access to the HelloFresh Academy.
- Plus, we've got your well-being covered with mental health support, transportation perks, and working-parent-friendly benefits. From our 24/7 gym access,wellbeing platforms like Headspace and Spill, to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks and possibilities!
#IT #Security
Locations
- Berlin, Berlin, Germany
Salary
Salary details available upon request
Estimated Salary Rangemedium confidence
85,000 - 125,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Network penetration testingintermediate
- Cloud penetration testingintermediate
- Web application testingintermediate
- Mobile application testingintermediate
- Source code reviewsintermediate
- Threat analysisintermediate
- Wireless network assessmentsintermediate
- Social-engineering assessmentsintermediate
- Project managementintermediate
- Scripting (Python or Go)intermediate
- Attacker tools, tactics, and proceduresintermediate
- Network protocolsintermediate
- Data on the wireintermediate
- Client-server modelintermediate
- Application design and architectureintermediate
- Application security flawsintermediate
- Cloud security testing toolsintermediate
- Wireless security testing toolsintermediate
- Web application security testing toolsintermediate
- Network security testing toolsintermediate
Required Qualifications
- 4-7 years' experience demonstrating above average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering (experience)
- Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws (experience)
- Proven proficiency in one modern scripting language like Python or Go (experience)
- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification (experience)
Preferred Qualifications
- Participation in web hacking challenges, competitions or bug bounties (experience)
- Development of tools or plugins used to conduct security testing and analysis (experience)
- Developing, extending, or modifying exploits, shellcode or exploit tools (experience)
- Source code review for control flow and security flaws (experience)
- Strong knowledge of tools used for cloud, wireless, web application, and network security testing (experience)
Responsibilities
- Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Use formal project management skills in planning, tracking, and reporting to close the remediation loop
- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
- Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program
Benefits
- general: Competitive compensation package
- general: HelloFresh-subsidized Pension Scheme
- general: Berlin relocation support
- general: Hybrid working model
- general: Exclusive discounts on your weekly HelloFresh box and office meals
- general: German language learning budget
- general: Access to the HelloFresh Academy
- general: Mental health support
- general: Transportation perks
- general: Working-parent-friendly benefits
- general: 24/7 gym access
- general: Wellbeing platforms like Headspace and Spill
- general: Sabbatical leave options
Tags & Categories
Answer 10 quick questions to check your fit for Senior Security Engineer - AppSec [IT AND SECURITY] @ HelloFresh.
10 Questions
~2 Minutes
Instant Score
Senior Security Engineer - AppSec [IT AND SECURITY]
HelloFresh
Senior Security Engineer - AppSec [IT AND SECURITY]
Job Description
The role
We’re looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name - someone with a passion for security and appetite for new challenges. Security Engineers work in a variety of ways to constantly iterate and improve HelloFresh’s security posture.
You will be part of the squad responsible for maintaining and improving HelloFresh’s Vulnerability Management Program which provides umbrella coverage to Pentest, Red Teaming, Cloud Assessment, Source Code Review, use of vulnerable dependencies, Supply Chain Audits and Bug Bounty program.
What you’ll do
- Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Use formal project management skills in planning, tracking, and reporting to close the remediation loop
- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
- Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program
What you’ll bring
- 4-7 years' experience demonstrating above average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering
- Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws
- Proven proficiency in one modern scripting language like Python or Go
- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification
- Participation in web hacking challenges, competitions or bug bounties
- Development of tools or plugins used to conduct security testing and analysis
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Source code review for control flow and security flaws
- Strong knowledge of tools used for cloud, wireless, web application, and network security testing
What we offer
Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.
- Immerse yourself in a diverse global community of 90+ nationalities.
- Enjoy a competitive compensation package that goes beyond the norm, with perks like a HelloFresh- subsidized Pension Scheme, Berlin relocation support, and a Hybrid working model.
- Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box and office meals.
- Invest in your growth with a German language learning budget, and access to the HelloFresh Academy.
- Plus, we've got your well-being covered with mental health support, transportation perks, and working-parent-friendly benefits. From our 24/7 gym access,wellbeing platforms like Headspace and Spill, to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks and possibilities!
#IT #Security
Locations
- Berlin, Berlin, Germany
Salary
Salary details available upon request
Estimated Salary Rangemedium confidence
85,000 - 125,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Network penetration testingintermediate
- Cloud penetration testingintermediate
- Web application testingintermediate
- Mobile application testingintermediate
- Source code reviewsintermediate
- Threat analysisintermediate
- Wireless network assessmentsintermediate
- Social-engineering assessmentsintermediate
- Project managementintermediate
- Scripting (Python or Go)intermediate
- Attacker tools, tactics, and proceduresintermediate
- Network protocolsintermediate
- Data on the wireintermediate
- Client-server modelintermediate
- Application design and architectureintermediate
- Application security flawsintermediate
- Cloud security testing toolsintermediate
- Wireless security testing toolsintermediate
- Web application security testing toolsintermediate
- Network security testing toolsintermediate
Required Qualifications
- 4-7 years' experience demonstrating above average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering (experience)
- Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws (experience)
- Proven proficiency in one modern scripting language like Python or Go (experience)
- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification (experience)
Preferred Qualifications
- Participation in web hacking challenges, competitions or bug bounties (experience)
- Development of tools or plugins used to conduct security testing and analysis (experience)
- Developing, extending, or modifying exploits, shellcode or exploit tools (experience)
- Source code review for control flow and security flaws (experience)
- Strong knowledge of tools used for cloud, wireless, web application, and network security testing (experience)
Responsibilities
- Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Use formal project management skills in planning, tracking, and reporting to close the remediation loop
- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
- Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program
Benefits
- general: Competitive compensation package
- general: HelloFresh-subsidized Pension Scheme
- general: Berlin relocation support
- general: Hybrid working model
- general: Exclusive discounts on your weekly HelloFresh box and office meals
- general: German language learning budget
- general: Access to the HelloFresh Academy
- general: Mental health support
- general: Transportation perks
- general: Working-parent-friendly benefits
- general: 24/7 gym access
- general: Wellbeing platforms like Headspace and Spill
- general: Sabbatical leave options
Tags & Categories
Answer 10 quick questions to check your fit for Senior Security Engineer - AppSec [IT AND SECURITY] @ HelloFresh.
10 Questions
~2 Minutes
Instant Score