Full-Time Product Security Engineer
Redcare Pharmacy is hiring a remote Full-Time Product Security Engineer. The career level for this job opening is Experienced, and the role accepts remote applicants based in Cologne, Germany. Read the complete job description before applying.
Redcare Pharmacy
Job Details
About the role:
Strategic Security Integration: Collaborate with Engineering to embed secure design principles across online shops, native apps, AdTech/MarTech platforms, and custom-built software. Implement security testing tools (SAST, DAST, IAST, SCA).
Security Audits: Perform security architecture reviews, threat modeling, and code analysis to identify and mitigate vulnerabilities. Plan and steer security audits with IT Governance, aligning with the product roadmap for fast mitigation.
Vulnerability Management, Threat Detection and Risk Mitigation: Lead proactive vulnerability identification and management, ensuring efficient remediation. Use tools like Nessus and Qualys for continuous scanning, result interpretation, and mitigation. Design, maintain, and execute incident response protocols, coordinating with engineering and governance during incidents.
Data Protection and Compliance: Ensure adherence to regulations like GDPR and PCI-DSS, steering customer data security and privacy for personalization, search, and sponsored products.
Collaboration and Security Awareness: Partner with Engineering Managers, QA Leads, IT Operations and SRE teams to integrate security testing into development and continuous deployment pipelines. Drive education and training on secure coding practices and threat awareness (OWASP Top 10, secure APIs, compliance).
Metrics and Continuous Improvement: Define relevant security metrics and drive their adoption throughout the engineering organization.
About you:
Proven experience in product security, cybersecurity, and securing APIs. Strong skills in vulnerability management tools, secure code review, and automation frameworks. Deep understanding of secure SDLC, application security, DevSecOps, CI/CD, and cloud-native security.
Proven ability to collaborate with DevOps, engineering, and security teams to promote a security-first mindset. Familiarity with data protection regulations (e.g., GDPR) and their application in software development.
Strong coding and scripting skills (Python, Bash, PowerShell, Java, Node.js, Terraform HCL, Ansible YAML) for security automation, log analysis, tool integration, secure systems and tools, and API/backend development.
Knowledge of secure coding practices and the OWASP Top 10. Exceptional problem-solving and communication skills, with the ability to educate and influence cross-functional teams.