5 days ago

Senior Information Security Engineer (AppSec)

Camunda

Hybrid
Full Time
$200,000

Job Overview

Job Title: Senior Information Security Engineer (AppSec)
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $200,000
Location: Hybrid

Job Description

About Camunda

Camunda is a leader in enterprise agentic automation, orchestrating complex business processes across agents, people, and systems. They create production-ready, enterprise-grade agents with built-in governance, uniquely delivering trusted AI agents for business-critical processes. Over 700 leading innovators, including Atlassian, ING, and Vodafone, rely on Camunda to accelerate time-to-value, boost operational efficiency, and elevate customer experiences. Recognized as a Visionary in the 2025 Gartner® Magic Quadrant™ for Business Orchestration and Automation Technologies (BOAT), Camunda is a fully remote, global company named to GP Bullhound’s 2024 Top 100 Next Unicorn list, certified as a Great Place to Work, and recognized by Flexa for true flexibility.

About The Role

As a Senior Information Security Engineer (AppSec) at Camunda, you will join a small, senior, and highly collaborative InfoSec team that embodies the FAITH values – Focus, Ambition, Integrity, Talent and Humor. This hands-on, developer-centric role involves partnering with product and engineering teams throughout the entire SDLC to ensure the platform is designed, built, and shipped securely. You will shape how secure Java services are built in a modern CI/CD, SaaS environment, strengthen AppSec tooling and practices, and directly influence customer trust and adoption of Camunda. This position offers the flexibility to be based anywhere that supports effective collaboration within CET to Eastern Time working hours.

What You'll Be Doing

  • Partner with engineering teams across the SDLC – from design and architecture discussions to implementation, testing, and deployment – to embed security by design into products.
  • Lead and evolve AppSec tooling and workflows by implementing, tuning, and integrating SAST, DAST, SCA, and container/image scanning into CI/CD pipelines, ensuring actionable findings for developers.
  • Drive vulnerability management for applications and the supply chain, including triaging, prioritizing issues, coordinating fix/mitigate/accept decisions, and continuously improving security posture.
  • Perform secure design and architecture reviews and threat modeling for distributed, API- and microservices-based systems, guiding teams in understanding security trade-offs and making risk-based decisions.
  • Support and help coordinate application-layer security incidents and escalations, collaborating with Engineering, Support, and other stakeholders for investigation, containment, and learning.
  • Assist the InfoSec team with security audits, customer assurance, and other related processes.

What You Bring

  • Strong Java engineering and secure coding background, with substantial hands-on experience building and reviewing Java services, working in CI/CD environments, and securely shipping SaaS or other cloud-based applications.
  • Secure SDLC, architecture, and risk assessment experience, including secure design reviews, threat modeling for distributed/API/microservices systems, and performing risk assessments on product changes or new features.
  • Vulnerability management and security tooling expertise, with a proven track record of implementing and tuning SAST/DAST/SCA and container/image scanning, evaluating and triaging findings, and driving fix/mitigate/accept decisions with engineering teams.
  • Exceptional cross-team collaboration and communication skills, enabling effective work with diverse stakeholders and clear, pragmatic explanations of complex security issues to both technical and non-technical audiences.
  • A developer-centric, incident-savvy mindset, comfortable managing security incidents, acting as an enabler, and influencing teams towards risk-based, practical security improvements.

Nice-to-haves

  • Experience developing in Python, JavaScript, or TypeScript in addition to Java.
  • Hands-on experience securing Kubernetes- or container-based workloads and modern cloud environments.
  • Prior work in a B2B software company, especially in high-availability or multi-tenant contexts.
  • Experience running security training, talks, or workshops for engineering teams.

Compensation

Camunda offers competitive, fair, and transparent compensation with location-based salary ranges. For the United States, the Annual Total Target Cash (base salary + 100% variable target, where applicable) ranges from $143,800.00 to $231,900.00. Equity is also offered through their Virtual Stock Option Plan (VSOP).

Benefits & Perks

Benefits are globally designed and locally delivered, including a remote and flexible work environment with home office budgets and flexible time off. Camunda invests in in-person connections through annual kickoffs and team offsites. Health and wellbeing are supported through locally tailored healthcare, global mental wellbeing resources, and a Live Well Lifestyle Spending Account. Financial security includes retirement/pension plans and insurance where relevant. Professional growth is encouraged with up to $/€/£1,000 per year for self-driven learning.

Key skills/competency

  • Application Security
  • Java Security
  • Secure SDLC
  • Threat Modeling
  • Vulnerability Management
  • CI/CD Security
  • SaaS Security
  • SAST/DAST/SCA Tools
  • Microservices Architecture
  • Cloud Security

Tags:

Application Security Engineer
Java security
secure SDLC
vulnerability management
threat modeling
CI/CD security
microservices security
cloud security
SAST
DAST
SCA
incident response
Python
JavaScript
TypeScript
Kubernetes
AWS

How to Get Hired at Camunda

  • Research Camunda's culture: Study their mission, values (FAITH), recent recognition (Unicorn list, Great Place to Work), and emphasis on remote flexibility.
  • Tailor your resume: Highlight extensive Java security engineering, secure SDLC, vulnerability management, and cloud/SaaS application experience specifically.
  • Showcase AppSec expertise: Detail your hands-on experience with SAST/DAST/SCA tools, threat modeling, and secure design reviews for distributed systems.
  • Emphasize collaborative mindset: Prepare compelling examples of cross-functional security partnership, clear communication, and influencing teams towards risk-based solutions.
  • Demonstrate passion for automation: Connect your security expertise to Camunda's core business in enterprise agentic automation.
