
Staff Security Engineer (m/f/x)
HelloFresh is looking for a Staff Security Engineer to join its Security Tribe and help shape the next generation of security capabilities. This is a senior individual-contributor role for a deeply technical, pragmatic, builder-minded engineer working across Cloud Security, Application & Product Security, Offensive Security, and GenAI Security. The focus is on building scalable internal security products, paved roads, guardrails, and self-service capabilities that let engineering teams move faster and safer.
Responsibilities
- ▹Own and elevate secure design and architecture at scale, embedding architectural patterns, reference designs, and guardrails for security-by-default across the organization.
- ▹Define and drive security architecture across cloud environments with a strong focus on AWS, Kubernetes, IAM, network security, workload protection, and secrets management.
- ▹Build and scale cloud security guardrails using automation, policy-as-code, Infrastructure as Code, and platform-native controls.
- ▹Partner with engineering and product teams to embed security into the SDLC through threat modeling, secure design reviews, security testing, and developer-friendly remediation.
- ▹Build internal security products that make security self-serviceable for HelloFresh teams.
- ▹Lead initiatives across SAST, DAST, SCA, IaC scanning, secret detection, vulnerability management, and software supply chain security.
- ▹Drive offensive security activities including penetration testing, adversary simulation, purple teaming, and detection/response validation.
- ▹Establish security patterns and controls for GenAI and AI/ML systems, including LLM apps, AI agents, RAG systems, prompt injection risks, data leakage, and AI governance.
- ▹Coordinate with external security partners, auditors, and consultants to scope, conduct, and review engagements.
- ▹Use GenAI as a force multiplier to reduce toil, improve workflows, and accelerate internal capability building.
- ▹Mentor senior engineers and act as a trusted security advisor across engineering, product, platform, data, and leadership.
Requirements
- ▹8+ years in security engineering, software engineering, cloud security, application security, or offensive security.
- ▹Deep hands-on experience securing cloud-native environments, preferably AWS, with strong knowledge of IAM, Kubernetes, networking, logging, detection, and infrastructure security.
- ▹Strong application and product security experience, including threat modeling, secure architecture reviews, OWASP risks, API security, and SDLC security.
- ▹Practical offensive security experience, including penetration testing, vulnerability research, exploitability analysis, or red/purple team exercises.
- ▹Strong engineering skills in one or more languages (e.g., Python, Go, Java, TypeScript), able to build production-grade systems and security tooling.
- ▹Experience building automation, internal tools, developer platforms, security guardrails, or self-service security capabilities.
- ▹Ability to influence without authority, communicate complex risks clearly, and translate security problems into scalable engineering solutions.
Nice to have
- ▹Experience securing GenAI, LLM, AI agent, RAG, or ML systems.
- ▹Familiarity with OWASP Top 10 for LLMs, MITRE ATLAS, NIST AI RMF, AI gateways, LLM guardrails, prompt evaluation, or AI red teaming.
- ▹Familiarity with modern security tooling such as CNAPP/CSPM, SAST, DAST, SCA, IaC scanning, secret scanning, WAF, SIEM, EDR, or vulnerability management platforms.
Soft skills
What we offer
- ▹Competitive compensation package with a HelloFresh-subsidized pension scheme.
- ▹Berlin relocation support.
- ▹Hybrid working model.
- ▹Discounts on your weekly HelloFresh box and office meals.
- ▹German language learning budget and access to the HelloFresh Academy.
- ▹Mental health support (Headspace, Spill), 24/7 gym access, and wellbeing platforms.
- ▹Transportation perks and working-parent-friendly benefits.
- ▹Sabbatical leave options.
About the company
HelloFresh is one of Europe's fastest-growing tech companies and the world's leading meal kit company, with a diverse global community of over 90 nationalities. Its Security Tribe builds the next generation of security capabilities across cloud, application, offensive, and GenAI security.