Senior Application Security Engineer

epilot GmbH

📍Remote - Worldwide

Summary

Join epilot as a senior security-minded engineer and build automated, resilient defenses into our AWS-powered products. You will protect impactful software by combining technical expertise with a proactive security mindset. epilot is building a SaaS product for the energy market, aiming to simplify complex product sales online. As an Application Security Engineer, you will ensure product security by design, working closely with development teams to integrate security into every stage of the lifecycle. You will design, implement, and automate defenses, integrate vulnerability testing tools, support incident response, and participate in bug bounty triage. The company values freedom, responsibility, ownership, and a strategic mindset, promoting a culture of early and frequent releases with a focus on security.

Requirements

  • Proficient in any modern programming language (e.g. Python, JavaScript, Go)
  • Conceptual understanding of OWASP Top 10 for both web and API applications
  • Experience with security tooling: SAST, DAST, AWS security services (GuardDuty, IAM, CloudTrail, etc.)
  • Solid understanding of AWS infrastructure and cloud-native architectures
  • Background in scripting or automating processes in CI/CD environments

Responsibilities

  • Embed security into our development lifecycle by integrating SAST, DAST, and dependency scanning tools into CI/CD pipelines
  • Collaborate with engineering teams to identify vulnerabilities early and support remediation with actionable guidance
  • Build and maintain automation for security testing and compliance reporting
  • Work hands-on with AWS services to improve cloud security posture and advise on secure architecture
  • Drive threat modeling, participate in secure code reviews, and support bug bounty triage
  • Educate teams on secure coding practices and OWASP Top 10 risks in web and API development
  • Lead or support incident response efforts and post-incident reviews
  • Develop internal tooling or scripts to simplify and automate security operations

Preferred Qualifications

  • You were a software engineer before switching to security — that mindset is gold
  • Certifications like OSCP or AWS Certified Security – Specialty
  • Familiarity with IaC (Terraform, CloudFormation) and Security-as-Code practices
  • You take ownership of initiatives, see them through to completion, and aren’t afraid to challenge the status quo
  • You’re pragmatic and collaborative — security is a team sport, not a gate
  • You love simplifying complex problems and turning them into scalable, automated solutions

Benefits

  • Impactful Work: Be part of a product-driven company that’s reshaping the energy sector
  • Startup Mentality: Enjoy a dynamic atmosphere with flat hierarchies and open communication
  • Flexibility: Work remotely or from our centrally located office in Cologne, with flexible working hours
  • Growth Opportunities: Your career will grow as fast as we do. Learn, experiment, and embrace a “Fail Fast and Often” mentality
  • Competitive Compensation: We take your desired salary seriously and value performance
  • Team Spirit: Join us for regular events like summer parties, company breakfasts, and our epic annual epilot summit, where you’ll connect with co-epilots worldwide
  • Transparency and Openness: Everything is open for discussion in our inclusive and supportive culture
