(Web) Application Security Engineer (m/f/d)

REWE digital – your Home of IT

We’re a place where techies – and everyone else who loves the world of tech – feel right at home. You belong here if you’re an IT specialist or future thinker. A software developer or system admin. A UXer, product owner, SAP expert or technician – and we just want you to be yourself! 

Our digital world extends from app development and agility, monitoring and market digitalisation to payment systems and collaboration. We’re the REWE Group’s partner in tech. Digitalising and revolutionising retail is our daily business. 

Everyone is welcome, appreciated and seen here. All you have to do is be who you are. We believe that team work is the key to making great things out of good ideas.

Are you ready for REWE digital? Then let’s shape the future together – and enrich the lives of millions of people. REWE digital – come to your Home of IT!

Jobs you can learn from:

• Development and provision of automated security testing tools in the SDLC for development teams as a self-service platform
• Training and technical coaching of development teams in security engineering methods and tools
• Single point of contact for development teams regarding software security, e.g. analysis of vulnerabilities, development of mitigations, SDLC, security architecture, threat modeling, design review, security code review
• Empowered, agile work in and with self-organized teams
• Contribute to the positive security engineering culture in development teams, e.g. by presenting security vulnerabilities, tools or organizing CTFs
• Working with a tech stack that includes GCP, Kubernetes, Nomad, Kafka, Elasticsearch, PostgreSQL, MySQL, Redis, Terraform, and more

Features that define you:

• Enjoy supporting development teams on security topics
• Willingness to meet with the team in Cologne from time to time
• Completed degree in computer science or equivalent training. Alternatively, we are also happy to receive applications from people without the appropriate training but with many years of experience.
• Experience as a software developer e.g. in Java, Go, Kotlin, Skala and frameworks like Spring and Hibernate
• Interest in Automation, CI/CD, DevOps, SDLC, DevSecOps and Microservice architectures
• Knowledge of Web Application Security e.g. OWASP Top 10 vulnerabilities and solutions for them
• You work hands-on, pragmatic and responsible

Basics that make life even better:

• Culture that is celebrated every day at the office, at home and at regular events
• Impact because you develop applications and services for millions of people 
• Tech hub with the latest technologies, tech talks and hackathons 
• Life-work integration thanks to 30 days of annual leave, trusted flexitime, mobile working, sabbatical models, a company crèche and parent-child offices
• Professional development on the basis of a comprehensive workshop programme, professional academies and e-courses 
• Updates at regular in-house workshops, conferences and weekly stand-ups 
• No-stress commuting with the subsidised JobTicket, a JobRad cycle and parking spaces right outside the building 
• Group benefits in the form of employee discounts at REWE, PENNY, toom Baumarkt and DER Touristik  
• All-round support including comprehensive health services and pension subsidies 
• Varied breaks and meals through culinary offers