At Enpal, we are pursuing the dream of building the largest renewable community in Europe. Enpal finally simplifies providing solar energy: we rent out solar systems, electricity storage, and wall boxes at an all-inclusive rate, supplemented by a favorable green electricity tariff. True to the motto "digital, decentralized, and 100% renewable", our heart beats both for the rapid development of a company and for combating the greatest challenge of our generation - climate change.
As a Staff Application Security Engineer (f/m/d), you will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC). You will work closely with development, product, and DevOps teams to embed security practices, conduct threat modeling, and lead secure code reviews.
Our vision to make sustainable solar energy available to everyone can only come to life through our customer- and product-oriented view, and the cooperation between software development, product management and lean, experiment-driven business development.
We emphasize proactive and continuous security measures, helping us stay ahead of potential threats and ensuring robust protection of assets, applications and services.
· Developing the application security program: Partner with software engineering and product teams to embed security across all stages of the SDLC (design, development, testing, deployment).
· Establishing security training & mentorship: Serve as a hands-on security advisor to developers by offering training, guidance, and support on secure software development practices and security champions development.
· Define, maintain, and enforce secure coding standards, guidelines, and reusable security patterns across development teams.
· you have a minimum of 5 years of experience in application security, with a strong understanding of secure coding practices and application security vulnerabilities (e.g.,
· you have hands-on experience embedding security throughout the entire software development lifecycle - from design and coding to integration and deployment.
· you have hands-on experience with the threat modelling approaches STRIDE, PASTA, DREAD and supporting tools like TMT, IriusRisk, etc.
· Net is a plus.
· you have experience with security tooling and automation across domains like SAST, SCA, DAST.
· you have experience identifying and addressing security flaws in APIs and applications, with a solid understanding of OWASP principles.
· you communicate clearly in English, spoken and written. Knowledge of German is a plus.
· We are one of the biggest players in the solar business and want to make this change with you.
· agile and lean values are embodied by you: reducing waste by building minimum viable products first, testing them with real users, and growing and maintaining solutions as requirements evolve.
Work in Germany's first green unicorn and actively shape the solar energy revolution.
Even after the pandemic, we offer you a hybrid working model.
We fulfill every start-up cliché - in our modern office in Berlin-Friedrichshain, you'll find everything your heart desires, from a ping-pong table and yoga corner to a roof terrace and stocked drinks fridges.
Your kick-start at Enpal - Get to know the company, your team colleagues and our founder Mario on your onboarding day.
Stay up to date - Whether it's company figures at our monthly all-hands meetings or how a photovoltaic system works at the Lunch & Learn, you'll always know exactly what's going on.
Energy transition only works together - At Enpal, you can expect a legendary team spirit and unforgettable team events.