Security Engineer

About the Role: Security Engineer at AutoScout24

Join the AutoScout24 Information Security team, a highly skilled group dedicated to supporting all our teams in building and running secure digital products. At AutoScout24, cyber security is recognized as an essential part of our business, naturally integrated into all initiatives. We are seeking a Security Engineer who is truly passionate about security – for you!

What You'll Do

• Own End-to-End Risk Management: Identify risk areas, assess the environment, validate risk presence, build detective and preventive controls, track risks in our registry, and partner with teams for mitigation.
• Design and Build Security Products: Ensure products align with infrastructure strategy and integrate smoothly into the software development lifecycle.
• Define and Improve Security Best Practices: Lead initiatives for company-wide adoption of improved security practices.
• Promote Security Product Adoption: Support teams in understanding best practices and applying them to their use cases and needs.
• Technical Area Ownership: Be responsible for multiple technical areas or processes, leading discussions and improvements.
• Participate in On-Call Duties: Triage and respond to security alerts, support user requests, monitor tools, and coordinate with engineering teams.
• Implement Compliance Controls: Implement security compliance for SOC 2 and PCI, supporting the GRC team in broader compliance efforts.
• Investigate Security Incidents: Remediate security incidents and occasionally serve as incident commander.

What We're Looking For

• A genuine interest and passion in security.
• More than two years of working experience as a Security Engineer.
• Hands-on experience with AWS and a solid understanding of secure architecture and secure development principles in cloud environments.
• Strong knowledge of common attack vectors and defense strategies (e.g., OWASP Top 10).
• Experience designing and building security products, ideally leveraging open-source solutions.
• Experience partnering with software engineers and providing security guidance throughout the software development lifecycle.
• Deep understanding of SAST and other code security detective and preventive controls and their integration in development processes and pipelines.
• Proficiency with at least one programming language (preferably Python but not a must).
• Experience with our stack: AWS, CDK, ECS, Docker, SaaS solutions (e.g., GitHub, SonarQube, Okta), Python-based backend tools, and authentication protocols (OAuth, OpenID).
• Enjoy working with Unix environments and command-line tools.
• Experience using AI and GenAI to improve engineering productivity, automate tasks, and streamline workflows. Proactive approach to exploring and adopting AI tools.
• Understanding of emerging AI-related threats and practical approaches to reducing those risks.

You Will Succeed In This Role If You

• Enjoy solving large-scale, complex challenges.
• Take ownership of your solutions from idea to production.
• Pragmatically balance short- and long-term priorities using data.
• Are comfortable with ambiguity and enjoy tackling open-ended problems.
• Have a customer-first mindset, improving developer experience with effective security controls.
• Make every system you work with inherently better.
• Have a pragmatic view of GenAI, understanding its limitations, risks, and how to implement guardrails for safe, compliant, and sustainable usage.

A Culture of Growth

With over 50 nationalities, AutoScout24 welcomes diverse backgrounds, fostering an inclusive community. You'll find tools, training, and support to work flexibly, learn new skills, and reach your potential. Apply now to drive our business and shape your future.

Key skills/competency

• Cloud Security
• AWS
• Risk Management
• Secure SDLC
• OWASP Top 10
• SAST
• Python
• Incident Response
• Compliance (SOC 2, PCI)
• Generative AI Security