← Back to list
Job · Senior

Senior Information Security Engineer - Application Security

Security Engineer • Senior • Remote • Full-time • 📍 Remote

As a Senior Information Security Engineer (AppSec) at Camunda, you join a small, senior, and highly collaborative InfoSec team and work hand-in-hand with product and engineering teams across the entire SDLC to make sure the platform is designed, built, and shipped securely. This is a technical, hands-on, developer-centric role shaping how Camunda builds secure Java services in a modern CI/CD, SaaS environment. You can be based anywhere that allows effective collaboration within CET to Eastern Time working hours.

Responsibilities

  • Partner with engineering teams throughout the SDLC to embed security by design from architecture through deployment
  • Lead and evolve AppSec tooling and workflows by implementing, tuning, and integrating SAST, DAST, SCA, and container/image scanning into CI/CD
  • Drive vulnerability management for applications and the supply chain, triaging and prioritizing issues and coordinating fix/mitigate/accept decisions
  • Perform secure design and architecture reviews and threat modeling for distributed, API- and microservices-based systems
  • Support and help coordinate application-layer security incidents and escalations with Engineering, Support, and other stakeholders
  • Help with security audits, customer assurance, and other InfoSec processes

Requirements

  • Ability and willingness to use Camunda's product
  • Strong software engineering and secure coding background, with recent hands-on experience building and reviewing Java services in CI/CD and shipping SaaS/cloud applications securely
  • Secure SDLC, architecture, and risk assessment experience, including secure design reviews and threat modeling for distributed/API/microservices systems
  • Vulnerability management and security tooling expertise, implementing and tuning SAST/DAST/SCA and container/image scanning and triaging findings
  • Cross-team collaboration and communication skills, explaining complex security trade-offs to technical and non-technical audiences
  • A developer-centric, incident-savvy mindset as an enabler rather than a gatekeeper

Nice to have

  • Experience developing in Python, JavaScript, or TypeScript in addition to Java
  • Hands-on experience securing Kubernetes- or container-based workloads and modern cloud environments
  • Prior work in a B2B software company, especially in high-availability or multi-tenant contexts
  • Experience running security training, talks, or workshops for engineering teams

Soft skills

Cross-team collaboration and clear communicationPragmatic, risk-based influence over teamsA developer-centric, enabler mindsetComposure in handling incidents and escalations

What we offer

  • Competitive, transparent, location-based compensation
  • Equity through the Virtual Stock Option Plan (VSOP), where applicable
  • Fully remote and flexible work with a home office budget and co-working support
  • Flexible time off to recharge when needed
  • Locally tailored healthcare, Modern Health mental wellbeing support, and the Live Well Lifestyle Spending Account
  • Retirement and pension plans, plus life and disability insurance where relevant
  • Up to 1,000 EUR/USD/GBP per year for self-driven professional development
  • In-person connection through the annual kickoff, team offsites, and local gatherings

About the company

Camunda is the enterprise platform for agentic orchestration, enabling organizations to coordinate AI agents, people, and systems across complex, end-to-end business processes with built-in governance, auditability, and human oversight. It is trusted by over 700 organizations worldwide, including 9 of the top 10 US banks, and operates as a fully remote, global company transforming into an AI-first organisation built on its own platform.