
Software Security Engineer (Product Security) (m/f/d)

Isar Aerospace SE

Germany

On-site

EUR 70.000 - 95.000

Full-time

2 days ago

Summary

A leading aerospace company in Germany seeks a Software Security Engineer to enhance security in their flight and ground systems. This role involves defining a secure software development lifecycle, leading threat modeling sessions, and managing vulnerabilities across software. Ideal candidates will have over 5 years in software security, hands-on experience with CI/CD pipelines, and knowledge of common vulnerabilities. Competitive benefits include a pension plan and generous vacation days.

Benefits

Employee Participation Program
30 days of vacation
Company pension plan
Subsidised lunch
Public transport ticket
Sport Clubs membership
Individual learning allowance
Childcare allowance

Qualifications

  • 5+ years in software security or app security roles.
  • Experience with CI/CD pipelines and security scanners.
  • Knowledge of common software vulnerabilities and fixes.

Responsibilities

  • Define and implement a 'Secure by Design' framework.
  • Lead threat modeling sessions with engineering teams.
  • Conduct deep-dive security code reviews on critical components.

Skills

Software Security
CI/CD Pipelines
Threat Modeling
Vulnerability Management

Education

5+ years in Software Security, AppSec, or Developer role

Tools

SonarQube
Snyk
Coverity
Semgrep

Job description
Mission Brief

You are the Architect of Secure Code for the next generation of spaceflight. At Isar Aerospace, software doesn't just display data; it controls high-pressure propulsion and orbital trajectories. A vulnerability here isn't just a bug; it's a mission failure.

We are looking for a Software Security Engineer to own the security of our flight and ground software. You will move us from "finding bugs" to "designing secure software." You will integrate security into the heartbeat of our development (CI/CD), ensuring that every line of code is scanned, hardened, and flight-ready before it ever reaches the launchpad.

This is a hands-on technical role. You will not just write policies; you will build the automated pipelines that stop insecure software from launching.

Your Role in Our Space Mission

Architect the Secure SDLC (SSDLC)

  • Define and implement the "Secure by Design" framework for our mission-critical flight and ground systems.
  • Lead Threat Modeling sessions with engineering teams to identify design flaws before code is written.
  • Translate security standards (e.g., NIST, Industrial/Safety Standards) into actionable coding requirements for developers.

Build the DevSecOps Pipeline

  • Own the AppSec Toolchain: Select, configure, and manage automated security tools (SAST, SCA, DAST, Secret Scanning) within our CI/CD pipelines.
  • Eliminate "Security Friction": Tune tools to reduce false positives so developers trust the pipeline.
  • Automate the generation of SBOMs (Software Bill of Materials) to track every library and dependency for CRA compliance.

Code Security & Vulnerability Management

  • Perform deep-dive security code reviews on critical components (Propulsion Control, Telemetry, Safety Systems).
  • Triage and prioritize vulnerabilities found by automated scanners.
  • Act as the "Vulnerability Handler" for our products: Analyze incoming bug reports, determine impact, and drive remediation with engineering teams.

Software Regulatory Compliance (CRA)

  • Ensure our software meets the strict requirements of the upcoming EU Cyber Resilience Act (CRA).
  • Define the technical controls required to meet "Essential Entity" status for aerospace software.
  • Support Product Security Compliance (CRA): Act as the technical lead for our compliance with the EU Cyber Resilience Act (CRA), helping to generate Software Bills of Materials (SBOMs) and ensure our products meet "secure-by-design" requirements.

Qualification Checklist

  • Engineering Background: 5+ years in Software Security, AppSec, or a Senior Developer role with a security focus. You can read and review complex code fluently.
  • Pipeline Mechanic: Hands-on experience building CI/CD pipelines and integrating security scanners (e.g., SonarQube, Snyk, Coverity, Semgrep).
  • The "Hacker" Mindset: You understand common software vulnerabilities (Buffer Overflows, Injection, Race Conditions) and, more importantly, how to fix them in the codebase.
  • Threat Modeling: Experience conducting threat modeling (STRIDE, PASTA) and analyzing architectural risk.

Bonus Skills

  • Regulatory Experience: Knowledge of SBOM standards (CycloneDX, SPDX) or the EU Cyber Resilience Act.
  • Industry Context: Experience in aerospace, defense, high-tech manufacturing, or OT/ICS environments.
  • Cloud-Native Security: Experience securing containerized (Docker/Kubernetes) and cloud-native application environments.
  • Pragmatism and Drive: You are a highly autonomous professional who is passionate about building, automating, and enabling teams to create world-class, secure software.
  • A Mission-Critical Mindset: You understand that in our business, a software defect doesn't just cause a blue screen, it can lead to a "Rapid Unscheduled Disassembly" (RUD). You thrive in an environment where quality and security are not just goals, but a prerequisite for mission success.

Benefits

  • Employee Participation Program: Share in our success through our virtual company share program
  • 30 days of vacation: Enjoy the days off to relax and recharge
  • Company pension plan: Secure your future with our company pension plan, featuring a 20% employer contribution after the probation period
  • Subsidised lunch: Stay energised with delicious, subsidised lunches every day
  • Public transport ticket: Commute with ease using a fully financed Deutschlandticket
  • Sport Clubs membership: Stay fit with our sponsored sports club memberships (EGYM Wellpass)
  • Individual learning allowance: Grow your skills with an individual learning budget granted after the probation period
  • Childcare allowance: Receive a childcare allowance for your non-school-age children
  • And Much More! Discover additional perks and benefits when you join our team

Who we are

We are Isar Aerospace, and we are at the forefront of New Space, building a modern space business to enable faster, better and cheaper access to space.

Our mission is to help democratise space and use it for good in order to improve life on Earth now and for the future generations.

We are a fast-growing company aiming to provide sustainable and environmentally friendly launch solutions for small and medium-sized satellites and constellations into Low Earth Orbit. The company is privately funded by world-leading technology investors with strong commitment and support and our team is made of driven and talented people with a real passion for space innovation.

We're making rockets in a way that hasn't been done before, disrupting a traditional industry. If you are up for the challenge, want to work on cutting-edge projects and be part of a team changing the world for the better, come join us and launch your career!

Want to find out more about us?

Visit www.isaraerospace.com
