StepStone Group

Security Engineer App Sec

TLDR

Supports development teams by integrating security tools into CI/CD, remediating AppSec findings, and strengthening Web Application Firewall coverage.

The job at a glance  
Join our team and you’ll be responsible for supporting our development teams by integrating security tools with our existing technology stack and CI/CD pipelines, helping remediate Application Security findings, and improving our Web Application Firewall.

Working in the Security department, you will identify improvements in our Application Security stack and its integrations, streamline change processes using Infrastructure as Code, and play a key role in Stepstone's Security Champions Programme by delivering sessions, supporting Security Champions, and collaborating on application-specific security needs.

This is so important to us. By joining our team, you will be playing a vital role as together we reimagine the labour market to make it work for everybody.

Your responsibilities 

  • Collaborate with cross-functional teams to ensure effective detection, triage, remediation, and continuous improvement of Application Security processes.
  • Support developers in the triage and remediation of findings generated by the Application Security Testing (AST) stack, including tools such as SCA and SAST, while driving enhancements across the SSDLC.
  • Manage and take ownership of the Web Application Firewall (WAF), resolving issues raised by end users and other business stakeholders.
  • Support development teams in onboarding domains, endpoints, and APIs to the WAF, as well as maintaining and optimizing WAF rules.
  • Support the Application Security Lead with initiatives within the Security Champions programme and assist development teams with Risk, Threat, and Vulnerability identification through Threat Modelling processes.

Your skills and qualifications 

  • Experience working with Application Security Testing (AST) technologies, including triage support and providing remediation recommendations.
  • Strong knowledge of Web Application Firewall (WAF) solutions, with the ability to assess required changes and justify the most appropriate course of action.
  • Experience integrating security tooling into DevOps pipelines, infrastructure automation, and CI/CD processes, including embedding security checks.
  • Knowledge of cloud platforms such as AWS and Azure, container orchestration technologies, and the ability to review code in popular programming languages to identify vulnerabilities.
  • Proven ability to collaborate and communicate effectively with SOC, GRC, Corporate IT, the wider Security team, and development communities, with a strong understanding of OWASP Top 10 risks (Web App, API, and LLM) and the confidence to operate in ambiguous environments while driving solutions forward.

Our Technology Stack: 

Applications are written in a variety of programming languages, including Java, C#, and TypeScript, alongside:

  • Terraform 

  • AWS ECS Managed 

  • AWS / Azure 

  • ELK / Cribl / Kafka 

  • Claude Code 

The Security Stack includes:

  • ASPM solution (e.g. Veracode, Wiz, Mend)

  • CSPM solution (e.g. Wiz, Lacework, Microsoft Defender for Cloud)

  • CDN and CPN/WAF solution (e.g. Cloudflare, Akamai, AWS CloudFront)

  • EDR and SIEM solution (e.g. SentinelOne, Microsoft Defender for Endpoint and Sentinel, Crowdstrike)

  • Developer training solutions (e.g. Secure Code Warrior, Secure Flag)

  • Bug Bounty Platform (e.g. Intigriti, BugCrowd, HackerOne)

 

Your benefits 

We’re a community here that cares as much about your life outside work as how you feel when you’re with us. Because your job shouldn’t take over your life, it should enrich it. Here are some of the benefits we offer: 

  • Premium medical and dental care  

  • Life insurance  

  • Flex Benefits - Worksmile Cafeteria System (Multisport, vouchers, tickets etc.)  

  • Employee Referral Program  

  • Hackathons, Knowledge Sharing Hours, In-house projects  

  • Tech and sport communities  

  • Events and integration parties  

  • Charity initiatives, 2 extra volunteer days  

  • English/German classes  

  • Game room and chillout zone 

 

Our commitment 

Equal opportunities are important to us. We believe that diversity and inclusion at The Stepstone Group are critical to our success as a global company, so we want to recruit, develop, and keep the best talent. We encourage applications from everyone, regardless of background, gender identity, sexual orientation, disability status, ethnicity, belief, age, family or parental status, and any other characteristic. 

Benefits

  • Flexible Work Hours

  • Flex Benefits - Worksmile Cafeteria System (Multisport, vouchers, tickets etc.)

  • Health Insurance

  • Life insurance

  • Learning Budget

  • English/German classes

  • Game room and chillout zone

  • Remote-Friendly

  • Tech and sport communities

StepStone Group is a leading online job platform that connects job seekers with companies, helping them find their perfect match. With a diverse portfolio of over 20 brands across more than 30 countries, we leverage data and technology to drive fair and equitable hiring. Our mission is straightforward: to ensure the right job for everyone by reshaping the labor market.

Founded: 2007
Employees: 500+
Industry: Capital Markets