Is this a fit for you?
Application Security Engineer (m/w/d) (DE)
[1455]
Hono, OWASP, Python (FastAPI), MS SQL Server, GuardDuty, GraphQL, Dgraph, LLMs
Responsibilities

- Secure Full Stack Development: Design, implement, and review secure backend services using TypeScript (Hono, Node.js, Nest.js) and Python (FastAPI), as well as frontend applications with Next.js, React, and web components. Integrate security features such as authentication, encryption, and input validation directly into the code to prevent vulnerabilities.
- Security Best Practices and Architecture: Apply secure software engineering principles (e.g., OWASP guidelines, least privilege, secure-by-design) and design patterns to architect resilient systems. Conduct threat modeling, code reviews, and vulnerability assessments to ensure scalability, modularity, and compliance (e.g., GDPR, SOC 2).
- DevSecOps and Infrastructure Security: Secure and optimize our Kubernetes-based infrastructure, including hardening container runtimes (e.g., Docker), access controls with ArgoCD, and AWS deployments. Implement security in CI/CD pipelines using Terraform for IaC, automate scans (e.g., SAST/DAST), and manage monitoring, incident response, and secrets (e.g., via Vault or AWS Secrets Manager).
- Database and Data Security: Secure data management across databases, including general-purpose SQL (e.g., PostgreSQL, SQLite), NoSQL (e.g., MongoDB), and graph databases (e.g., Dgraph). Implement access controls, encryption, and secure querying to protect sensitive data and knowledge graph integrations.
- Secure API Development: Design and maintain secure REST APIs and GraphQL endpoints, incorporating protections against common threats (e.g., injection, XSS, CSRF) and ensuring secure integrations across the stack.
- AI and Knowledge Graph Security: Collaborate on securing AI models and deployments, including LLMs for vector search and graph-based retrieval. Protect knowledge graph approaches from risks such as data leakage or adversarial attacks, while contributing to secure data integration and intelligent features.

Required Skills

- Experience: Minimum 4-6 years in security engineering or full stack development with a security focus, including hands-on experience leading secure projects from design to production.
- Technical Stack: Proficiency in TypeScript across the stack; backend experience with Hono, Node.js, Nest.js, and Python (FastAPI); frontend expertise in Next.js, React, and web components. Ability to integrate security into these technologies.
- Security and Software Principles: Deep knowledge of secure development best practices (e.g., OWASP Top 10, secure coding standards), software design principles (e.g., SOLID, DRY), threat modeling, and architectural security (e.g., zero-trust models).
- Databases: Expertise in securing database technologies, including SQL (e.g., PostgreSQL, SQLite) for relational data; NoSQL (e.g., MongoDB); and graph databases (e.g., Dgraph) with knowledge graph approaches for semantic data protection and secure retrieval.
- API and Integration Security: Hands-on experience securing REST APIs and GraphQL schemas, including authentication (e.g., OAuth, JWT) and mitigation of API-specific vulnerabilities.
- DevSecOps and Infrastructure: Proficiency in securing Kubernetes (e.g., RBAC, pod security policies), ArgoCD, AWS (e.g., IAM, GuardDuty), Terraform for secure IaC, and tools for automated security testing, logging, and monitoring (e.g., Falco, Splunk).
- AI/ML Security: Familiarity with securing LLMs, vector embeddings, graph-based retrieval, and knowledge graph approaches, including defenses against AI-specific threats.