Senior Security Engineer - Application Security

Senior Security Engineer - Application Security

Join to apply for the Senior Security Engineer - Application Security role at Trade Republic
. Please note that this position is based in Berlin or London.

Trade Republic is the largest savings platform in Europe – we operate in 17 countries, serving +8 million customers who trust us with over €100B in assets. We are striving to empower everyone to build wealth with easy, safe, and free access to financial systems.

• Partner with engineering teams to embed security into the software development lifecycle from design to deployment.
• Conduct security code reviews, threat modeling sessions, and architecture reviews for critical applications and services.
• Design and implement SAST, DAST, and SCA solutions to identify vulnerabilities early in the development process.
• Build and maintain application security testing automation within CI/CD pipelines.
• Develop secure coding standards, security libraries, and reusable security components for engineering teams.
• Perform penetration testing and vulnerability assessments of web applications, APIs, and mobile applications.
• Triage, prioritise, and remediate application vulnerabilities working closely with development teams.
• Create security champions program and provide security training to engineering teams.
• Research emerging application security threats and integrate defensive measures into the security architecture.
• Contribute to bug bounty program management and coordinate with external security researchers.

• 5+ years as a Security Engineer with 4+ years focused on application security.
• Deep understanding of web application security (OWASP Top 10, API security, authentication/authorization).
• Hands‑on experience with security testing tools (Burp Suite, OWASP ZAP, Semgrep, etc.).
• Strong programming skills in modern languages (Python, Java, Kotlin, Go, or JavaScript).
• Experience integrating security tooling into CI/CD pipelines (Git Hub Actions, Git Lab CI, Jenkins).
• Expertise in secure architecture patterns for microservices, APIs, and distributed systems.
• Solid understanding of cryptography, secure session management, and identity/access management.
• Hands‑on experience with security testing of cryptocurrency/blockchain infrastructure and applications is a major bonus.
• Experience with mobile application security (iOS/Android).
• Knowledge of compliance frameworks (PCI‑DSS, GDPR, MaRisk) is advantageous.
• Excellent communication skills to translate security concepts for engineering audience.

Our culture rewards ownership, excellence, and high energy. We care deeply about outcomes and hold each other accountable – we’re here to win and fix one of the largest challenges Europeans face, closing the pension gap and democratizing wealth. If this gets you fired up, reach out!

• Seniority level:
  Mid‑Senior level
• Employment type:
  
  Full‑time
• Job function:
  Information Technology (Technology, Information and Internet)

We’re committed to creating an environment where everyone feels respected and has equal opportunity to thrive in their careers. For any questions on DEI during the interview process, reach out to your recruitment partner.