
Senior Application Security Engineer (m/f/d)

  • Remote, Hybrid
    • Köln, Nordrhein-Westfalen, Germany
  • €85,000 - €110,000 per year
  • Tech

Job description

Are you ready to be a security leader in the SaaS space? Join epilot!


We are looking for a senior security-minded engineer who goes beyond finding vulnerabilities and focuses on building automated, resilient defenses into our AWS-powered products. You will combine technical expertise with a proactive security mindset to protect impactful software from the ground up.

epilot is building a SaaS product to sell complex products online, focusing first on solving ecommerce in the rapidly transforming energy market. Our mission: Make selling complex products as easy as selling a pair of shoes online.

As the Application Security Engineer at epilot you will be a driving force in ensuring our products are secure by design. What makes working in engineering at epilot so special? Our unique culture is defined by a few core principles that apply to all our engineers.

Among others, you can expect freedom and responsibility because we hire smart people we can trust. We operate by principles and expect everyone to cultivate a strategic mindset.

We believe in ownership: you secure it, you run it. You will work closely with development teams to integrate security into every stage of the lifecycle. There is no separate security silo to hand things off to: you’ll design, implement, and automate defenses that keep our AWS-powered products safe and scalable. This includes integrating vulnerability testing tools, supporting incident response, and participating in bug bounty triage.


You should always show, don’t tell: Deliver secure, working software early and frequently. We believe in the Agile principle of “Release early and release often,” with the added goal of ensuring security from the first release onward. Fast feedback loops between ourselves, our users, and our security systems help us manage risk and make better decisions.

Does this sound like an environment you want to work in? Then you could be the right person to be an engineer at epilot!

Check out our promise to you: promise.epilot.cloud


We "epilots" are a team of experts from the fields of software development, energy management, product management and sales. To bring our solution to the top of the energy world even faster and more securely, we are looking for you as a Security Engineer.

Job requirements

What awaits you
As an Application Security Engineer at epilot, you’ll play a key role in building secure-by-default features and hardening the backbone of our cloud-native platform. You’ll work closely with engineers across the stack to shift security left and help us scale securely as we grow.

Here’s what you’ll do:

  • Embed security into our development lifecycle by integrating SAST, DAST, and dependency scanning tools into CI/CD pipelines

  • Collaborate with engineering teams to identify vulnerabilities early and support remediation with actionable guidance

  • Build and maintain automation for security testing and compliance reporting

  • Work hands-on with AWS services to improve cloud security posture and advise on secure architecture

  • Drive threat modeling, participate in secure code reviews, and support bug bounty triage

  • Educate teams on secure coding practices and OWASP Top 10 risks in web and API development

  • Lead or support incident response efforts and post-incident reviews

  • Develop internal tooling or scripts to simplify and automate security operations

What you bring:

We’re looking for a senior security-minded engineer who thrives in a fast-paced, product-centric environment and has the following skills and mindset:

Technical Foundation:

  • Proficient in any modern programming language (e.g. Python, JavaScript, Go, etc.)

  • Conceptual understanding of OWASP Top 10 for both web and API applications

  • Experience with security tooling: SAST, DAST, AWS security services (GuardDuty, IAM, CloudTrail, etc.)

  • Solid understanding of AWS infrastructure and cloud-native architectures

  • Background in scripting or automating processes in CI/CD environments

Bonus Points:

  • You were a software engineer before switching to security — that mindset is gold

  • Certifications like OSCP or AWS Certified Security – Specialty

  • Familiarity with IaC (Terraform, CloudFormation) and Security-as-Code practices

Mindset:

  • You take ownership of initiatives, see them through to completion, and aren’t afraid to challenge the status quo

  • You’re pragmatic and collaborative — security is a team sport, not a gate

  • You love simplifying complex problems and turning them into scalable, automated solutions

What we offer you

At epilot, we believe in rewarding performance, fostering growth, and creating an environment where you’ll thrive:

  • Impactful Work: Be part of a product-driven company that’s reshaping the energy sector.

  • Startup Mentality: Enjoy a dynamic atmosphere with flat hierarchies and open communication.

  • Flexibility: Work remotely or from our centrally located office in Cologne, with flexible working hours.

  • Growth Opportunities: Your career will grow as fast as we do. Learn, experiment, and embrace a “Fail Fast and Often” mentality.

  • Competitive Compensation: We take your desired salary seriously and value performance.

  • Team Spirit: Join us for regular events like summer parties, company breakfasts, and our epic annual epilot summit, where you’ll connect with co-epilots worldwide.

  • Transparency and Openness: Everything is open for discussion in our inclusive and supportive culture.

We are looking forward to your application ^^



epilot insights

Who should know better what it's like to work at epilot than our epilots themselves?

Perks

Continuous education

We support you in your personal development!

Flexible working hours and remote work

You have an important appointment in the morning? No problem! You decide where and when you want to work.

Fitness Studio Subscription

Stay fit and work out at the gym (with a pool and sauna) 5 minutes from the office.

Regular team events

We celebrate our successes together at regular events at carnival, in the summer, at Christmas and also in between.

JobRad

Do something for the environment and your health and lease your JobRad.

More perks

Refreshing drinks, fruit, language courses, relocation service and other benefits are waiting for you!

Become part of a great and awarded team!

Meet the team

Pictures say more than 1000 words. Here is a little look behind the scenes of epilot. Whether meetups, carnivals, summer parties or even co-working in Portugal - working @ epilot is more than sitting in front of the screen from 9 to 5!

Questions left?

Reach out directly to us!


epilot HQ

Our office is located in the heart of Cologne, with cool cafes, restaurants and bars just around the corner. The park, right behind the office, invites you to have lunch or take a walk, especially in summer.

Address Im Mediapark 8a, 50670 Cologne, Germany