(Senior) Security Engineer (d/f/m)

Paymenttools is on a mission to transform the payment landscape for retailers in Europe. With more than 4,4 billion visitors per year in our more than 15,000 REWE Group stores and travel agencies in 21 countries we know exactly what consumers and merchants need when exchanging goods for money. We strongly believe in making payments seamless and invisible, linking them with value added services within the framework of a reliable identity service. Our mantra: #wesolvepayn. We blend cutting-edge technology with stringent security to protect sensitive payment data while nurturing innovation in a cloud-native tech environment.

As a (Senior) Security Engineer, you will play a critical role in establishing secure coding practices across various development environments. Collaborating closely with software engineers across the organization, your mission is to embed security best practices across the entire development lifecycle. You’ll act as a champion for secure coding, advise teams on secure architecture and threat modeling, and help drive secure DevOps automation and tooling initiatives.

Your Tasks

• Act as a subject matter expert in application security and actively promote best practices across engineering teams.
• Lead and execute the deployment and rollout of security platforms.
• Continuously improve the organization’s DevSecOps maturity.
• Integrate security controls into CI/CD pipelines and evangelize a strong DevSecOps culture.
• Collaborate on the design and implementation of Identity & Access Management (IAM) in distributed systems.
• Develop automated workflows for vulnerability management.
• Facilitate threat modeling workshops and support teams in making risk-based architectural decisions.
• Document security implementations and contribute to engineering security standards.
• Ideally, you also bring experience in penetration testing or red teaming and have worked in regulated environments such as FinTech.

Your Experience

• Strong background in security engineering, with a focus on application security and cloud-native environments (Kubernetes, Postgres).
• Deep expertise in application security, including secure frameworks, libraries, and common attack vectors.
• Hands-on experience with DevSecOps tools and practices, specifically integrating security into GitHub Actions (CI/CD).
• Experience with Infrastructure as Code (IaC), preferably using Terraform or OpenTofu.
• Proficiency in programming languages such as Python or Golang to automate security workflows.
• Experience with LLM tooling and workflows, with an interest in AI-Agenting and multi-agent systems.
• Clear and concise communication skills in English, with the ability to influence and coach both technical and non-technical stakeholders. German-language skills are a plus.
• Ideally, you have experience with GCP and CNAPP platforms (e.g., Wiz).
• Ideally, you have experience with compliance frameworks such as ISO 27001, PCI-DSS, or KRITIS, and bring knowledge in IAM design, including role-based access control and OAuth2/OIDC.

Our Benefits

• Deutschland ticket, subsidized subscription
• 1.000 euro annual learning and development budget + internal training platforms
• Discounts on travel, fashion, technology,  and more through our corporate benefits 
• REWE discount card for discounts for REWE group retailers 
• JobRad, affordable bicycle leasing!
• Company pension plan 
• Insurance Services

Perks of working with us

• We work in a hybrid environment
• Flexible working hours that fit your workflow, your time matters!
• Language courses (English and German)
• Responsibility from day one
• Work with modern and agile software such as Google Workspace, Slack, Asana, Jira, Lattice, Miro and Confluence
• Company events including Hackathons and Company Days (ask us more about these!)

We are looking forward to getting to know you - so, even if you feel that you don’t quite meet all the requirements, but the position still excites you and you think you would love to work with us, please reach out! We would still love to hear from you. We explicitly encourage applicants within groups that are underrepresented in tech spaces as of today. We value all kinds of backgrounds and walks of life.