Security Engineer

At Staffbase, security is at the heart of everything we build. Our Product Security team helps keep our products and customer data secure while enabling engineering teams across the company. We believe the best security work happens when people bring their authentic selves and diverse perspectives to the table and we're proud of the unique mix of talents and backgrounds in our team.

As an enablement team, we provide tools, guidance, and insights that allow developers to integrate security early in the development process. We see security not as a blocker but as a trusted partner that is the foundation for better products. With us, you'll get hands-on experience with modern security practices, mentorship from experienced engineers, and the chance to make a visible impact in a global SaaS environment.

We work together with curiosity, humility, and a growth mindset, supporting each other, taking ownership of our contributions, and celebrating progress along the way. Here, your ideas matter, your work will shape how we build secure products, and you'll have space to grow into new challenges.

What you'll be doing

• Take ownership of tasks that improve our security automation and strengthen our product security pipelines
• Proactively explore the use of AI for vulnerability detection and remediation
• Continuously learn and share knowledge about how vulnerabilities apply in our specific product context
• Support the team by enhancing our services with software engineering solutions
• Collaborate closely with stakeholders across the product department and gain broad exposure to how a growing SaaS company operates
• Maintain our outbound e-mail security by regularly reviewing the related metrics
• Maintain our Web Application Firewall ruleset
• Maintain our central HTML sanitization service written in Typescript

What you need to be successful

• Programming knowledge, preferably in one of: TypeScript, JavaScript, Kotlin, Java, Go, or Python
• Practical knowledge of Unix basics and Kubernetes infrastructure
• Practical knowledge of security topics (e.g. penetration testing, secure software development, vulnerability management, SAST, DAST) and curiosity to deepen this knowledge
• Experience with infrastructure-as-code, preferably via Terraform and Kustomize
• A structured and organized way of working with attention to detail
• Strong communication skills in English (German is a plus)

What you'll get

• Competitive Compensation - we offer attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
• Flexibility - we offer flexible working time models and the option of hybrid work, and support this with a yearly flex work allowance of 1560
• Recharge - with 31 vacation days annually (incl. one floating holiday), plus pro rata fully paid Fridays off during August
• Support - we're offering a company pension scheme
• Volunteers Day - you'll get one day off per year for supporting a social project