Software Engineer and Security Researcher

combit
Konstanz, Germany
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Kösching, Germany

Tech stack

Artificial Intelligence
Amazon Web Services (AWS)
Azure
Cloud Computing
Cloud Computing Security
Computer Security
Software Debugging
Intrusion Detection and Prevention
Cloud Platform System
Large Language Models
Cyber Threat Analysis
Production Code
Terraform
Vulnerability Analysis

Job description

  • Design, build, and ship product features end-to-end: from security research to architecture and production code to release.
  • Apply cybersecurity expertise to every feature decision: what to detect, how to model risk, what makes a finding actionable, where customers will be misled by noise, and howto translate raw cloud signal into something a security team can trust and act on.
  • Own cloud security capabilities across CSPM and beyond: posture, identity, attack paths, severity/prioritization, detections, and emerging areas of the platform.
  • Drive AI into the development loop. Use coding agents and LLM tools as a core part of how you design, prototype, build, debug, review, and document. Write strong prompts, evaluate outputs critically, and turn AI-generated work into production-quality code and logic.
  • Move fast, with judgment. Make tradeoffs explicit, ship iteratively, and learn from real customer signals.
  • Collaborate closely with product, research, and engineering peers: clear written specs, sharp communication, clean handoffs, customer-facing rationale.

Requirements

  • 5+ years as a software engineer. You design systems, write production code, reason about reliability and edge cases, and own delivery end-to-end.
  • Strong cybersecurity foundation. You understand threats, controls, identity, cloud risk, and why a "finding" is or isn't worth a customer's attention. This is what makes your feature decisions land.
  • Hands-on experience developing with AI / AI-driven development. This is a MUST.
  • You have meaningfully shipped work where coding agents, LLM tools, or in-IDE AI assistants were a core part of how you built it. You can speak in detail about what worked, what didn't, and how you got real leverage out of these tools.
  • Experience with at least one major cloud platform (AWS preferred; Azure or GCP also valid).
  • Comfortable operating at high pace: small batches, fast iteration, willingness to cut scope to ship, calm under pressure.
  • Strong communication: you can explain engineering and security tradeoffs to both technical and non-technical stakeholders.

Nice to Have:

  • Experience building CSPM/CNAPP products, cloud security detection/analytics pipelines, or other top-tier security products.
  • Experience building or fine-tuning AI-powered developer workflows: custom agents, pipelines, evals, internal AI tooling, prompt frameworks.
  • Familiarity with cloud telemetry/log sources and correlating security signals across configuration, identity, and activity.
  • Infrastructure-as-Code (e.g., Terraform) and cloud-native development experience.
  • Prior security research background: vulnerability research, threat research, or detection engineering.

About the company

combit is a leading provider in the field of reporting components for software development. The portfolio includes the award-winning reporting tool List & Label, which has been continuously enhanced for almost 30 years. The development tool can be seamlessly integrated into ASP.NET applications with any front-end technologies as well as into WPF or WinForms applications, extending them with numerous data visualization options and powerful print and export functions. 

Apply for this position