Senior Security Engineer - AppSec [IT AND SECURITY]

The role

We’re looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name - someone with a passion for security and appetite for new challenges. Security Engineers work in a variety of ways to constantly iterate and improve HelloFresh’s security posture. 

You will be part of the squad responsible for maintaining and improving HelloFresh’s Vulnerability Management Program which provides umbrella coverage to Pentest, Red Teaming, Cloud Assessment, Source Code Review, use of vulnerable dependencies, Supply Chain Audits and Bug Bounty program.

What you’ll do

• Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Use formal project management skills in planning, tracking, and reporting to close the remediation loop
• Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
• Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program

What you’ll bring

• 4-7 years' experience demonstrating above average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering
• Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws
• Proven proficiency in one modern scripting language like Python or Go
• Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification
• Participation in web hacking challenges, competitions or bug bounties
• Development of tools or plugins used to conduct security testing and analysis
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Source code review for control flow and security flaws
• Strong knowledge of tools used for cloud, wireless, web application, and network security testing

What we offer

Elevate your lifestyle! Join one of Europe's fastest-growing tech powerhouses in a dynamic phase of expansion.

• Immerse yourself in a diverse global community of 90+ nationalities.
• Enjoy a competitive compensation package that goes beyond the norm, with perks like a HelloFresh- subsidized Pension Scheme, Berlin relocation support, and a Hybrid working model.
• Elevate your lifestyle with exclusive discounts on your weekly HelloFresh box and office meals.
• Invest in your growth with a German language learning budget, and access to the HelloFresh Academy.
• Plus, we've got your well-being covered with mental health support, transportation perks, and working-parent-friendly benefits. From our 24/7 gym access,wellbeing platforms like Headspace and Spill, to sabbatical leave options, HelloFresh is not just a workplace; it's a lifestyle of perks and possibilities!

#IT #Security

HelloFresh is committed to the principles of equal employment opportunity and providing reasonable accommodations to candidates with disabilities. If you need an accommodation during the application process, please reach out to us at:

Europe: EUaccommodations@hellofresh.com.
APAC: APACaccommodations@hellofresh.com
United States: USCandidateAccommodations@hellofresh.com
Canada: CAaccommodations@hellofresh.com