Application Security Engineer (m / f / d)

epilot

Köln

Hybrid

EUR 85,000 - 110,000

Full-time

30+ days ago

Summary

An innovative company in the energy sector is seeking a skilled Application Security Engineer to ensure its AWS-powered products are secure by design. This role involves integrating security practices in the development lifecycle, collaborating with engineering teams, and implementing automated security defenses. Ideal candidates should have experience with modern programming languages, AWS, and security tools, thriving in a dynamic, startup-like environment.

Benefits

Flexible work hours
Remote work options
Competitive compensation
Team events
Growth opportunities

Qualifications

  • Security-minded engineer with a proactive security mindset.
  • Experience in cloud-native architectures and AWS.
  • Capability of automating processes in CI/CD environments.

Responsibilities

  • Integrate security tools into CI/CD pipelines.
  • Collaborate with teams to identify and remediate vulnerabilities.
  • Educate teams on secure coding practices.

Skills

Proficient in modern programming languages
Understanding of OWASP Top 10
Experience with security tools
Solid understanding of AWS infrastructure
Background in scripting

Tools

SAST
DAST
AWS security services

Job description

Are you ready to be a security leader in the SaaS space? Join epilot!

We are looking for a security-minded engineer who goes beyond finding vulnerabilities and focuses on building automated, resilient defenses into our AWS-powered products. You will combine technical expertise with a proactive security mindset to protect impactful software from the ground up.

epilot is building a SaaS product to sell complex products online, focusing first on solving e-commerce in the rapidly transforming energy market. Our mission: Make selling complex products as easy as selling a pair of shoes online.

As the Application Security Engineer at epilot, you will be a driving force in ensuring our products are secure by design. Our culture is defined by core principles including freedom, responsibility, trust, strategic thinking, and ownership. You will work closely with development teams to integrate security into every stage of the development lifecycle, designing, implementing, and automating defenses that keep our AWS-powered products safe and scalable. This includes integrating vulnerability testing tools, supporting incident response, and participating in bug bounty triage.

We believe in delivering secure, working software early and often, aligning with Agile principles to manage risk and improve decision-making through fast feedback loops.

If this environment excites you, you might be the right person to join epilot as an engineer!

Check out our promise to you:

We, epilots, are a team of experts in software development, energy management, product management, and more. We are looking for you as a Security Engineer to help us bring our solutions faster and more securely to the top in the energy sector.

Job requirements

What awaits you

As an Application Security Engineer, you'll play a key role in building secure-by-default features and strengthening our cloud-native platform. You will work closely with engineers across the stack to shift security left and help us scale securely as we grow.

Here's what you'll do:

  • Embed security into our development lifecycle by integrating SAST, DAST, and dependency scanning tools into CI/CD pipelines.
  • Collaborate with engineering teams to identify vulnerabilities early and support remediation with actionable guidance.
  • Build and maintain automation for security testing and compliance reporting.
  • Work hands-on with AWS services to improve cloud security posture and advise on secure architecture.
  • Drive threat modeling, participate in secure code reviews, and support bug bounty triage.
  • Educate teams on secure coding practices and OWASP Top 10 risks in web and API development.
  • Lead or support incident response efforts and post-incident reviews.
  • Develop internal tooling or scripts to simplify and automate security operations.

What you bring

We are looking for a security-minded engineer who thrives in a fast-paced, product-centric environment with the following skills and mindset:

  • Proficient in modern programming languages (e.g., Python, JavaScript, Go).
  • Understanding of OWASP Top 10 for web and API applications.
  • Experience with security tools: SAST, DAST, AWS security services (GuardDuty, IAM, CloudTrail).
  • Solid understanding of AWS infrastructure and cloud-native architectures.
  • Background in scripting or automating processes in CI/CD environments.

Bonus Points:

  • Experience as a software engineer before switching to security.
  • Certifications like OSCP or AWS Certified Security Specialty.
  • Familiarity with IaC (Terraform, CloudFormation) and Security-as-Code practices.

Mindset:

  • You take ownership of initiatives and see them through to completion.
  • You are pragmatic and collaborative; security is a team sport.
  • You enjoy simplifying complex problems into scalable, automated solutions.

What we offer you

  • Impactful Work: Be part of a product-driven company reshaping the energy sector.
  • Startup Mentality: Enjoy a dynamic atmosphere with flat hierarchies and open communication.
  • Flexibility: Work remotely or from our Cologne office with flexible hours.
  • Growth Opportunities: Your career will grow as we do—learn, experiment, and embrace a Fail Fast, Fail Often mentality.
  • Competitive Compensation: We value performance and your desired salary.
  • Team Spirit: Join events like summer parties, company breakfasts, and our annual epilot summit.
  • Transparency and Openness: Our culture is inclusive and supportive.

We look forward to your application! ^^

Remote Hybrid

  • Köln, Nordrhein-Westfalen, Germany

Salary: €85,000 - €110,000 per year

Employment Type: Full-Time

Experience: Several years

Vacancy: 1
