Senior Security Engineer - Application Security

As a Senior Security Engineer in our Application Security team, you'll safeguard Trade Republic's applications and development lifecycle through proactive security integration and engineering excellence. Your responsibilities include:

• Partner with engineering teams to embed security into the software development lifecycle from design to deployment;
• Conduct security code reviews, threat modeling sessions, and architecture reviews for critical applications and services;
• Design and implement SAST, DAST, and SCA solutions to identify vulnerabilities early in the development process;
• Build and maintain application security testing automation within CI/CD pipelines;
• Develop secure coding standards, security libraries, and reusable security components for engineering teams;
• Perform penetration testing and vulnerability assessments of web applications, APIs, and mobile applications;
• Triage, prioritise, and remediate application vulnerabilities working closely with development teams;
• Create security champions program and provide security training to engineering teams;
• Research emerging application security threats and integrate defensive measures into the security architecture;
• Contribute to bug bounty program management and coordinate with external security researchers

Core Experience:

• 5+ years as a Security Engineer with 4+ years focused on application security
• Deep understanding of web application security (OWASP Top 10, API security, authentication/authorization)
• Hands-on experience with security testing tools (Burp Suite, OWASP ZAP, Semgrep, etc.)
• Strong programming skills in modern languages (Python, Java, Kotlin, Go, or JavaScript)
• Experience integrating security tooling into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins)
• Expertise in secure architecture patterns for microservices, APIs, and distributed systems
• Solid understanding of cryptography, secure session management, and identity/access management
• Hands-on experience with security testing of cryptocurrency/blockchain infrastructure and applications is a major bonus
• Experience with mobile application security (iOS/Android)
• Knowledge of compliance frameworks (PCI-DSS, GDPR, MaRisk) is advantageous
• Excellent communication skills to translate security concepts for engineering audience

Please note that this position is based in Berlin or London.

Our culture rewards ownership, excellence, and high energy. We care deeply about outcomes and hold each other accountable - we're here to win and fix one of the largest challenges Europeans face - closing the pension gap and democratising wealth. If this gets you fired up, reach out!

We believe it's our team's varied identities and backgrounds that make us sharper and stronger. We're committed to creating an environment where everyone feels respected and has equal opportunity to thrive in their careers.

Trade Republic is the largest savings platform in Europe - we operate in 17 countries, serving +8 million customers who trusted us with over 100B in assets. But we're striving for more. We have a bold mission to empower everyone to build wealth with easy, safe, and free access to financial systems. You will have the opportunity to grow your career by collaborating with a team of outstanding talents and state of the art technology to build a lasting, positive future for millions., Trade Republic is Europe's largest savings platform that enables people to save, invest or trade with just three taps. The company was founded in 2015 by Christian Hecker, Thomas Pischke and Marco Cancellieri and today reaches over 340 million people in 17 European countries. Based on fundamental technological innovation, the company was built to democratize access to capital markets for all Europeans. It offers investing in savings plans, fractional investing and ETFs as well as derivatives or crypto. Trade Republic is a technology company supervised by Bundesbank and BaFin. As Europe's largest savings platform, Trade Republic has received investments by Accel, Peter Thiel's Founders Fund, Ontario Teachers', Sequoia and TCV.Mission: Trade Republic is on a mission to set millions of Europeans up for wealth creation with secure, easy and commission-free access to capital markets.With over one million customers, Trade Republic is already the home screen app for many Europeans to manage their wealth. Participating in capital markets has been a privilege of the elite for too long. Trade Republic was founded with the conviction to democratize access to capital markets. Especially in times of high inflation and the growing pension gap, everyone should get the chance to participate in economic growth.Through state-of-the art technology, Trade Republic brings saving, investing and trading directly to the mobile phone, tablet or computer while freeing customers from unnecessary costs - so everyone can become a shareholder in just a few steps.