(Senior) Application Security Architect (m/f/x) onsite / remote in Germany
Scalable Capital is a leading digital investment platform in Europe. The company empowers everyone to shape their financial future. Scalable Broker makes it easy and affordable for clients to invest professionally in stocks, ETFs, and other exchange-traded products, and to set up savings plans. Scalable Wealth, the digital wealth management service, offers clients professional investment in ETF portfolios and is also adopted as a white-label solution by renowned B2B partners. With the European Investor Exchange (EIX), Scalable Capital offers a stock exchange for retail investors in Europe. Over 27 billion euros are held on the platform by more than one million clients.
Founded in 2014, Scalable Capital employs more than 500 people across Munich, Berlin, Vienna, and London. The company is committed to developing a new generation of financial services, guided daily by its core values.
As an Application Security Architect, you will support the integration of security throughout the SDLC, collaborating with development teams to implement secure coding practices, perform threat modeling, and ensure application resilience against security threats. Staying updated on emerging security threats and technologies is essential to continuously improve our security posture.
Key Responsibilities
- Develop and implement security architectures for applications, ensuring compliance with security policies and standards.
- Conduct threat modeling exercises to identify vulnerabilities and recommend mitigation strategies.
- Perform detailed code and design reviews, providing actionable remediation guidance.
- Integrate security practices into the SDLC, including code reviews, static and dynamic analysis, and security testing.
- Collaborate with cross-functional teams to embed security considerations at every development stage.
- Establish and maintain application security standards, guidelines, and best practices.
- Evaluate and manage application security tools such as SAST, DAST, and IAST solutions.
- Participate in incident response activities related to application security breaches.
- Provide training and guidance on secure coding and emerging threats to development teams.
Minimum Qualifications
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Extensive experience in application security, software development, or related roles.
- Proven expertise in secure coding, security assessments, authentication/authorization, cryptography, API security, and SDLC integration.
- Experience in threat modeling and delivering risk-based solutions.
- Knowledge of integrating security testing tools into CI/CD pipelines.
- Strong understanding of application security frameworks and standards such as OWASP ASVS, SAMM, and NIST.
- Proficiency in programming languages like Java, Kotlin, or Python.
- Experience with cloud security principles, especially in AWS environments.
- Excellent communication skills for technical and non-technical audiences.
- Ability to work independently and manage multiple projects effectively.
What We Offer
- Join one of Europe's fastest-growing and most visible Fintech startups, impacting our customers' lives.
- Work with an international, diverse, and inclusive team dedicated to creating the best products.
- Choose to work from our centrally located offices in Munich or Berlin, or remotely within Germany (if eligible).
- Access to the latest hardware and tools to stay productive.
- Opportunities for learning and growth through knowledge sharing sessions and an Education Budget.
- German language classes to experience the culture firsthand.
- International relocation support.
- Flexible vacation policy and options to work from abroad.
- Competitive compensation package and company pension scheme.
- Monthly contribution of 25% for the ‘Deutschland Jobticket’.
- Enjoy a complimentary PRIME+ Broker subscription, free from order commissions.
Job Location
Germany (onsite or remote options available)