(Senior) Application Security Architect (m/f/x) onsite / remote in Germany

Scalable Capital is a leading digital investment platform in Europe, empowering individuals to shape their financial future. Our services include Scalable Broker for investing in stocks, ETFs, and savings plans; Scalable Wealth for professional ETF portfolio management; and the European Investor Exchange (EIX) for retail investors. With over 27 billion euros on the platform and more than one million clients, we are committed to innovative financial services.

Founded in 2014, we employ over 500 staff across Munich, Berlin, Vienna, and London. Our team, led by Erik Podzuweit and Florian Prucker, strives to develop the next generation of financial solutions.

Discover more through our finance blog and social media channels. Our company values guide our daily work and collaboration, which you can learn about here.

As an Application Security Architect, you will embed security into all phases of the SDLC. Your role includes collaborating with development teams to implement secure coding, performing threat modeling, and ensuring application resilience against security threats. Staying updated on emerging security risks and technologies is essential to enhance our security posture.

1. Develop and implement security architectures aligned with organizational policies and compliance standards.
2. Conduct threat modeling to identify vulnerabilities and suggest mitigations.
3. Perform detailed code and design reviews, providing actionable guidance.
4. Integrate security practices into the SDLC, including code reviews and security testing.
5. Collaborate with cross-functional teams to incorporate security at every development stage.
6. Create and maintain security standards, guidelines, and best practices.
7. Manage application security tools such as SAST, DAST, and IAST.
8. Participate in incident response for security breaches, including root cause analysis.
9. Educate development teams on secure coding and emerging threats.

1. Bachelor's or Master's degree in Computer Science, Information Security, or related field.
2. At least 5 years of experience in application security or software development roles.
3. Experience with secure coding, security assessments, authentication, cryptography, and API security.
4. Proven ability in threat modeling and delivering risk-based solutions.
5. Experience with security testing tools in CI/CD pipelines.
6. Knowledge of security frameworks like OWASP ASVS, SAMM, NIST.
7. Proficiency in Java, Kotlin, or Python.
8. Understanding of cloud security, especially AWS.
9. Excellent communication skills for technical and non-technical audiences.
10. Ability to manage multiple projects independently.

• Join a fast-growing Fintech startup creating impactful financial services.
• Work with an international, diverse, and inclusive team.
• Options to work at our offices in Munich or Berlin, or remotely within Germany.
• Access to the latest hardware and tools.
• Participate in knowledge sharing, training, and German language classes.
• Support for international relocation if applicable.
• Flexible vacations, work-from-abroad options, attractive compensation, and pension schemes.
• Monthly 25% contribution to 'Deutschland Jobticket'.
• Enjoy a complimentary PRIME+ Broker subscription.