Senior Security Engineer - AppSec [IT AND SECURITY]

The role

We’re looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name — someone with a passion for security and appetite for new challenges. Security Engineers work in a variety of ways to constantly iterate and improve HelloFresh’s security posture.

You will be part of the squad responsible for maintaining and improving HelloFresh’s Vulnerability Management Program, which provides umbrella coverage to Pentest, Red Teaming, Cloud Assessment, Source Code Review, use of vulnerable dependencies, Supply Chain Audits and Bug Bounty program.

• Perform network / cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments and social-engineering assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership and legal counsel
• Use formal project management skills in planning, tracking and reporting to close the remediation loop
• Recognize and safely utilize attacker tools, tactics and procedures used to perform analysis and identify vulnerabilities
• Develop scripts, tools or methodologies to improve HelloFresh’s Vulnerability Management Program

• 4-7 years of experience demonstrating above-average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering
• Thorough understanding of network protocols, data in transit, client-server model, application design and architecture, and different classes of application security flaws
• Proficiency in one modern scripting language such as Python or Go
• Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE), GIAC Web Application Penetration Tester (GWAPT) or equivalent mobile / web certification
• Participation in web hacking challenges, competitions or bug bounties
• Development of tools or plugins used to conduct security testing and analysis
• Developing, extending or modifying exploits, shellcode or exploit tools
• Source code review for control flow and security flaws
• Strong knowledge of tools used for cloud, wireless, web application and network security testing

• Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.
• Immerse yourself in a diverse global community of 90 nationalities.
• Enjoy a competitive compensation package with perks like a HelloFresh-subsidized Pension Scheme, Berlin relocation support and a Hybrid working model.
• Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box and office meals.
• Invest in your growth with a German language learning budget and access to the HelloFresh Academy.
• Plus we’ve got your well-being covered with mental health support, transportation perks and working-parent-friendly benefits. From our 24/7 gym access to wellbeing platforms like Headspace and Spill to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks and possibilities!

#IT #Security

HelloFresh is committed to the principles of equal employment opportunity and providing reasonable accommodations to candidates with disabilities. If you need an accommodation during the application process please reach out to us at :

Europe :

APAC :

United States :

Canada :

Required Experience :

Senior IC

Employment Type : Full Time

Experience : years

Vacancy : 1