Application Security Specialist (f/m/d)
About the Role
Location Germany Bayern Erlangen
1. Country: Israel
2. State/Province/County: Central District
3. City: Rosh HaAyin
Company: Siemens Energy Global GmbH & Co. KG
Organization: EVP Global Functions
Business Unit: Digital Products and Solutions
Full / Part time: Full-time
Experience Level: Mid-level Professional
A Snapshot of Your Day
As an Application Security Specialist, you will be the bridge between our security and engineering teams, fundamentally strengthening our security posture from within. Your proactive approach will help us build robust, secure software from the ground up, protecting our sensitive data and customer trust. By embedding security directly into our development processes, you will enable our teams to innovate faster and more securely. You will play a crucial role in preventing costly breaches and ensuring the confidentiality, integrity, and availability of our most critical assets. Your day-to-day will be dynamic, blending hands-on security work with strategic collaboration.
How You’ll Make an Impact
1. Perform regular and ad-hoc security assessments, code reviews, and penetration testing on web, mobile, and API applications.
2. Identify, analyze, and track security vulnerabilities, providing actionable remediation mentorship to development teams.
3. Work with product and development teams to incorporate security guidelines into all phases of the Secure Development Lifecycle (SDLC).
4. Develop and integrate automated security testing tools (SAST, DAST) into the CI/CD pipeline.
5. Explore and address security incidents linked to applications within the incident response procedure.
6. Participate in developing and enforcing application security policies and procedures. Develop and deliver security awareness and secure coding training for our engineering teams.
What You Bring
1. A bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
2. Multiple years of practical experience in application security, penetration testing, or a related position, with a solid grasp of typical vulnerabilities (such as OWASP Top 10) and mitigation strategies.
3. Proficiency in programming languages such as Python, Java, and, enabling effective code review and tool development.
4. Proficient knowledge of secure coding principles and familiarity with security assessment tools such as Burp Suite and OWASP ZAP.
5. Preferred certifications: Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), or Offensive Security Certified Professional (OSCP).
6. Strong analytical and problem-solving skills with a proactive approach to complex technical challenges. Excellent communication skills for both technical and non-technical audiences, with full professional proficiency in English.