This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application & Infrastructure Security Engineer in Germany. In this role, you will take full ownership of securing a modern, high-traffic digital platform across its entire technology stack—from cloud infrastructure to application layers. You will operate in a fast-paced, high-growth environment where security is a core pillar of product reliability and user trust. Working closely with engineering, DevOps, and product teams, you will proactively identify risks, design robust defenses, and respond to emerging threats. This is a hands-on, high-impact role that combines strategic oversight with deep technical execution. You will also contribute to building a strong security culture while shaping scalable practices in a dynamic and evolving ecosystem. Accountabilities: Own and continuously improve the end-to-end security posture across infrastructure, APIs, and applications Identify, assess, and remediate vulnerabilities across frontend, backend, and cloud environments Design and enforce security controls, including WAF configurations, bot mitigation, and rate-limiting strategies Harden cloud infrastructure by implementing best practices in access control, network security, and system configuration Lead threat modeling sessions for new features to proactively identify and mitigate risks Monitor, investigate, and respond to security incidents, ensuring timely resolution and root-cause analysis Conduct penetration testing and vulnerability assessments, prioritizing remediation based on business impact Define and enforce HTTP security policies and standards across systems Develop and maintain incident response playbooks, including DDoS mitigation strategies Collaborate with engineering teams to embed secure coding practices and review sensitive code changes Manage vulnerability disclosure processes and external security reports Produce clear security documentation, reports, and risk assessments for stakeholders Requirements: 8 years of experience in application, infrastructure, or web security roles Deep knowledge of common security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques Strong experience with cloud security, particularly in AWS environments (IAM, VPC, monitoring tools, etc.) Expertise in web application security, including API protection, authentication mechanisms, and frontend/backend risks Hands-on experience with security tools such as Burp Suite, OWASP ZAP, or similar Proven ability to detect and mitigate DDoS and other large-scale attack vectors Experience with SIEM systems, log analysis, and incident response workflows Knowledge of security frameworks and compliance standards (e.g., ISO 27001, SOC 2, GDPR) Familiarity with integrating security testing into CI/CD pipelines (SAST, DAST, SCA) Strong communication skills, with the ability to explain technical risks to non-technical stakeholders Detail-oriented mindset with strong analytical and problem-solving skills Benefits: Competitive salary package aligned with experience and expertise Fully remote work environment with flexible working hours Opportunity to work on a high-scale, innovative platform with real-world impact Collaborative and fast-moving team culture Professional growth opportunities and exposure to advanced security challenges Inclusive and diverse workplace environment How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best! Why Apply Through Jobgether? Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time. LI-CL1 We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.