Application Security Engineer

at epilot GmbH

Job description

Description

Are you ready to be a security leader in the SaaS space? Join epilot!

We are looking for a security-minded engineer who goes beyond finding vulnerabilities and focuses on building automated, resilient defenses into our AWS-powered products. You will combine technical expertise with a proactive security mindset to protect impactful software from the ground up.

epilot is building a SaaS product to sell complex products online, focusing first on solving ecommerce in the rapidly transforming energy market. Our mission: Make selling complex products as easy as selling a pair of shoes online.

As the Application Security Engineer at epilot you will be a driving force in ensuring our products are secure by design. What makes working in engineering at epilot so special? Our unique culture is defined by a few core principles that apply to all our engineers.

Among other things, you can expect freedom and responsibility, because we hire smart people we can trust. We operate by principles and expect everyone to cultivate a strategic mindset.

We believe in ownership: you secure it, you run it. You will work closely with development teams to integrate security into every stage of the lifecycle. There is no separate security silo to hand things off to; you’ll design, implement, and automate defenses that keep our AWS-powered products safe and scalable. This includes integrating vulnerability testing tools, supporting incident response, and participating in bug bounty triage.

You should always show, don’t tell: Deliver secure, working software early and frequently. We believe in the Agile principle of “Release early and release often,” with the added goal of ensuring security from the first release onward. Fast feedback loops between ourselves, our users, and our security systems help us manage risk and make better decisions.

Does this sound like an environment you want to work in? Then you could be the right person to be an engineer at epilot!

Check out our promise to you: promise.epilot.cloud

We “epilots” are a team of experts from the fields of software development, energy management, product management and sales. To bring our solution to the top of the energy world even faster and more securely, we are looking for you as a Security Engineer.

Requirements

What awaits you

As an Application Security Engineer at epilot, you’ll play a key role in building secure-by-default features and hardening the backbone of our cloud-native platform. You’ll work closely with engineers across the stack to shift security left and help us scale securely as we grow.

Here’s what you’ll do:

  • Embed security into our development lifecycle by integrating SAST, DAST, and dependency scanning tools into CI/CD pipelines

  • Collaborate with engineering teams to identify vulnerabilities early and support remediation with actionable guidance

  • Build and maintain automation for security testing and compliance reporting

  • Work hands-on with AWS services to improve cloud security posture and advise on secure architecture

  • Drive threat modeling, participate in secure code reviews, and support bug bounty triage

  • Educate teams on secure coding practices and OWASP Top 10 risks in web and API development

  • Lead or support incident response efforts and post-incident reviews

  • Develop internal tooling or scripts to simplify and automate security operations

What you bring

We’re looking for a security-minded engineer who thrives in a fast-paced, product-centric environment and has the following skills and mindset:

Technical Foundation:

  • Proficient in any modern programming language (e.g. Python, JavaScript, Go, etc.)

  • Conceptual understanding of OWASP Top 10 for both web and API applications

  • Experience with security tooling: SAST, DAST, AWS security services (GuardDuty, IAM, CloudTrail, etc.)

  • Solid understanding of AWS infrastructure and cloud-native architectures

  • Background in scripting or automating processes in CI/CD environments

Bonus Points:

  • You were a software engineer before switching to security — that mindset is gold

  • Certifications like OSCP or AWS Certified Security – Specialty

  • Familiarity with IaC (Terraform, CloudFormation) and Security-as-Code practices

Mindset:

  • You take ownership of initiatives, see them through to completion, and aren’t afraid to challenge the status quo

  • You’re pragmatic and collaborative — security is a team sport, not a gate

  • You love simplifying complex problems and turning them into scalable, automated solutions

What we offer you

At epilot, we believe in rewarding performance, fostering growth, and creating an environment where you’ll thrive:

  • Impactful Work: Be part of a product-driven company that’s reshaping the energy sector.

  • Startup Mentality: Enjoy a dynamic atmosphere with flat hierarchies and open communication.

  • Flexibility: Work remotely or from our centrally located office in Cologne, with flexible working hours.

  • Growth Opportunities: Your career will grow as fast as we do. Learn, experiment, and embrace a “Fail Fast and Often” mentality.

  • Competitive Compensation: We take your desired salary seriously and value performance.

  • Team Spirit: Join us for regular events like summer parties, company breakfasts, and our epic annual epilot summit, where you’ll connect with co-epilots worldwide.

  • Transparency and Openness: Everything is open for discussion in our inclusive and supportive culture.

We are looking forward to your application ^^

Please let epilot GmbH know you found this job on Remote First Jobs 🙏
