← Zurück zur Liste
Stelle · Principal

Staff Security Engineer, Product Security Team

Security Engineer • Principal • Vor Ort • Vollzeit • 📍 Berlin

Delivery Hero is looking for a pragmatic, high-impact Staff Product Security Engineer (IC4) to drive the overarching technical strategy for application security and reduce real-world risk across the entire product landscape without slowing engineering velocity. Championing a 'Secure by Design' philosophy, you will design automated guardrails, developer tooling and frameworks, and bridge Application Security, AI/ML security, Infrastructure Security and Security Operations.

Responsibilities

  • Drive the strategic technical roadmap for the Product Security team, scaling threat-modeling and secure coding practices across the global web and mobile ecosystem.
  • Lead threat modeling and security architecture reviews to identify complex design flaws early in the SDLC and co-author secure-by-default blueprints.
  • Architect and run the vulnerability management program at scale, ingesting internal testing, automated tooling and Bug Bounty / Vulnerability Disclosure Program inputs and ranking by business risk.
  • Translate complex software and AI-related vulnerabilities into actionable business risks, tracking MTTR and SLA adherence to drive remediation.
  • Embed automated security testing (SAST, DAST, SCA) directly into DevSecOps CI/CD pipelines.
  • Champion AI/LLM-driven security automation for code security, automated vulnerability triage and smart guardrails.
  • Collaborate with Infrastructure Security on Cloud Security Posture Management (CSPM) and with Security Operations on logging, alerting and incident readiness.
  • Mentor junior and senior engineers and foster a community of Security Champions.

Requirements

  • Proven track record driving complex application security and DevSecOps initiatives as a staff-level IC in massive, global software environments.
  • Deep understanding of modern web and mobile application security, including managing external Bug Bounty and vulnerability disclosure programs.
  • Strong knowledge of AI security frameworks (OWASP Top 10 for LLM Applications, MITRE ATLAS, NIST AI RMF).
  • Practical experience using AI/LLMs for security use cases (vulnerability analysis, script generation, triage optimization, code remediation).
  • Understanding of global data privacy laws (GDPR), ethical AI, and the regulatory impact of the EU AI Act.
  • Strong risk-based vulnerability management, looking past raw CVSS scores to actual business impact.
  • Deep hands-on proficiency in multiple modern languages (Java, Python, Go) to review and remediate complex vulnerabilities (e.g., OWASP Top 10).
  • Working knowledge of cloud security (AWS, GCP or Azure), containers (Kubernetes, Docker) and CSPM alignment.
  • Deep understanding of authentication and authorization protocols (OAuth, OIDC, SAML) and Zero Trust architectures at scale.
  • Working knowledge of security operations, threat detection and incident response.

Nice to have

  • Experience securing highly distributed, event-driven microservices architectures at global scale.
  • History of public security research, CVE discovery, or contributions to open-source security or AI safety tooling.
  • Advanced application security or cloud certifications (CSSLP, CASE, AWS Security Specialty, Google Professional Cloud Security Engineer, or CISSP).

Soft skills

Pragmatic, high-impact individual contributor.Strong stakeholder management and cross-functional influence.Mentorship and ability to build a strong security culture.Collaborative engineering mindset.

What we offer

  • Hybrid working model with 2 days a week at the Berlin campus.
  • 27 days holiday, with an extra day in the 2nd and 3rd year of service.
  • EUR 1,000 educational budget, language courses, parental support and Udemy Business access.
  • Health checkups, meditation, yoga, and gym & bicycle subsidy.
  • Employee Share Purchase Plan, sabbatical bank, public transport ticket discount, life & accident insurance and corporate pension plan.
  • Digital meal vouchers, food vouchers and corporate discounts.

About the company

Delivery Hero is the world's pioneering local delivery platform, operating in around 65 countries and headquartered in Berlin, Germany. One of Europe's largest tech platforms, it has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index.