Staff Application Security Engineer

About The Company
Affinidi
is a technology company dedicated to changing data ownership for good. We empower businesses and individuals with control and ownership of their data, with a comprehensive approach to managing their holistic identity – accounting for all aspects of their digital footprint while ensuring privacy and security.

Affinidi's technology enables users to benefit from decentralised digital identity solutions. We believe that everyone has the right to own and control their data, and we are committed to creating a trusted digital credentials ecosystem that empowers businesses and individuals to securely exchange data and services across borders and industries.

About the role:
We are in search for an
Application Security Engineer, Staff (m/f/d)
to join our Security Team. In this role, you'll help shape and guide the security strategy aligned to international standard and regulatory practices across Affinidi's various workstreams and products. This includes conducting security assessments, leading application security design reviews, and overseeing threat modelling. Your technical leadership will be crucial in ensuring the successful development of a scalable and resilient holistic identity system. The location is in Berlin.

Our work culture at Affinidi is shaped by the following tenets:

• We are unapologetically customer-focused
• We invest in cultures and teams to enable high performance
• We embrace experimentation and build fast
• We have the courage to be misunderstood
• We work together to unlock data

What's in it for you:

• Driving security strategy across all the workstreams and products the teams are working on, while having a direct influence on technical design through architecture design reviews.
• Providing security assessments of Affinidi products, that includes a lot of backend services, web, mobile and desktop applications
• Providing technical leadership and subject matter expertise as a security expert to our teams with a strong focus on product security and secure design principles
• Executing and technically leading application security reviews and threat modelling, including code review and dynamic testing
• Enabling and enhancing automated security testing at scale for our entire platform to identify and proactively resolve vulnerabilities
• Supporting compliance of information security frameworks and standards, including ISO27001, OWASP, and NIST CSF
• Creating and delivering comprehensive training programs to enhance the organization's security posture, including the ability to create and foster a strong security culture among different teams and stakeholders
• Designing, architecting, developing, and deploying tooling that helps ship secure code faster
• Driving security issues remediation and incident response process to ensure risks and compliances are managed
• Working in an exciting startup environment where you can be autonomous and try new things
• Providing leadership and mentorship to engineers to ensure the successful delivery of a scalable and resilient holistic identity system.

You will be a great match if you:

• Have 7+ years of experience of relevant experience for the role
• Love writing and shipping code and strive for security excellence
• Have vast experience in Security, Software Engineering and Secure Architecture design
• Have strong development skills
• Have extensive expertise in cloud computing and native environments (AWS preferred) including the management of risks and vulnerabilities
• Understand design patterns and have working experience in developing and deploying microservices in the cloud
• Have strong experience in product security, including reviewing architecture decisions and guiding teams toward secure design
• Have a good understanding of Offensive security practices and techniques.
• Have a proactive, hands-on approach, with a knack for tackling technical challenges and driving solutions with a high level of expertise and impact
• Experience with information security frameworks, international standards, and regulations

Our Stack is:

• Gitlab
• AWS
• IOS/Android
• MacOS/Windows

Bonus points if:

• You have experience with applied cryptography
• You have experience with decentralized technology
• You have experience with data privacy & data security implementations on blockchain & distributed platforms for individuals & organizations

What can you expect from us:

• Hybrid working model
• Flexible working hours
• Unlimited vacation policy
• Competitive compensation package
• Work within international environment
• Learning Budget
• Mobile Allowance
• Home Office Allowance
• Urban Sport Membership

Sounds like you? Apply now
Equal Opportunity
We believe in hiring different and diverse talent and providing a safe space where everyone can share their views without fear, where differences are celebrated, and where no one is left out. Inclusive cultures are the foundation for collaboration and innovation within our team.

Privacy Notice
By applying for this position, you confirm that you have read and understood Affinidi's Candidate Privacy Policy, and consent to the collection, use, and disclosure of your personal data for recruitment purposes, as described in the policy.