(Senior) Security Engineer


  • Location: Munich
  • Date Posted: 07 Apr 2021
  • Function: Tech Ops
  • Sector: Business Applications

The Role

At Personio we are on the amazing journey of becoming the leading HR Platform in Europe! After our new $125M Series D funding, bringing our valuation to $1.7B and thus making us the most valuable HR tech company in Europe, we are growing our team more than ever!

Security is a first-class priority at Personio, and we are looking for an experienced Security Engineer to join our Product & Engineering organization on the mission to implement best-in-class security automation practices. Personio processes highly sensitive data for thousands of customers, and security is a first-class citizen in all processes. Our security team is expanding to serve the needs of our customers and our internal engineering teams. You will partner with the engineering teams in a consulting capacity throughout the Software Development Life Cycle to ensure that Personio infrastructure and applications are designed and built securely. You will identify potential vulnerabilities and enable developers to understand and remediate them.

Responsibilities include:

  • Represent the Security team at Personio and develop a deep technical understanding of Personio infrastructure, services and architectures.
  • Leverage your knowledge to conduct reviews, threat modelling and code reviews on web applications and relevant supporting services and tools.
  • Implement security automation and monitoring tools to protect Personio services: starting from CI pipelines and ending with security checks in production environments.
  • Conduct regular security checks in all layers of Personio’s cloud infrastructure.
  • Monitor Personio systems for security anomalies and alerts.
  • Participate in security incident management.
  • Mentor engineering team members on application of security best practices during conceptualization and implementation of new Personio features.
  • Interpret the results of third-party security tools and penetration tests, and communicate them to stakeholders with advice on vulnerability remediation and risk mitigation.
  • Create relevant documentation and metrics for your stakeholders and business leaders and deliver these in a clear, concise manner.
  • Research and maintain proficiency in attacker tools, techniques and procedures and other security topics.
  • Develop innovative and scalable tools, solutions, and processes to detect security threats, data threats, and enhance security operations.

What you need to succeed

  • BS in Computer Science, Information Security, or equivalent professional experience.
  • More than three years of experience in areas such as application security, offensive security, systems security, network security, and/or incident response.
  • Understanding of security vulnerabilities, threat modeling, attacker exploit techniques, and methods for remediation.
  • Understanding of best practices in security engineering, including secure development, cryptography, security operations, systems security, policy, and incident response.
  • Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.
  • Excellent written and spoken English skills (C1/C2 on CEFR scale).
  • Ability to drive multiple technically complex security reviews together while remaining effective at providing security guidance to stakeholders.
  • Ability to work with a high degree of autonomy.
  • Knowledge of at least one programming language and scripting skills (e.g. Go, PHP, Kotlin, Python, Perl, Bash, Ruby, etc.).
  • Experience with implementation of security tools and practices in modern, cloud-native environments for customer-facing web-based applications.
  • Experience with Infrastructure as Code, CI/CD and configuration management tools in one of the major cloud providers (AWS preferred).
  • Willing to relocate to Munich or Dublin.
  • Preferred experience: 5+ years in Secure SDLC / Shift Left on Security.
  • Preferred experience: 5+ years reviewing and mitigating web application risks as defined by OWASP Top 10/SANS 25.
  • Preferred experience: Implementation of ISMS (e.g. PCI-DSS, ISO 27001).
  • Preferred experience: Relevant industry certifications from SANS, ISC2, etc.

Why Personio

  • Market-proven, Europe’s most valuable HR SaaS and fast-growing company ($250M funding acquired to date)
  • As you are joining Personio at such an early stage, this shows us your trust and confidence in us. We would like you to profit from the success of the company, and therefore, we offer you a competitive compensation package (salary, benefits, and virtual shares)
  • Flexible working hours
  • 26 paid vacation days plus Christmas Eve and New Year's Eve
  • Parental benefit: In case your kids get ill, you may take up to 10 additional days off
  • €1.500 development budget for attending conferences, taking courses and buying books
  • A permanent contract
  • MacBook Pro and gadgets, including BOSE headsets with noise cancellation
  • Private Health insurance for Personio employees, spouse and children
  • Your chance to play a decisive role in shaping a company in its rapid growth and to grow and learn from your tasks

About us

Being a Personio means being part of something big. It means shaping the future of HR, the future of our company and, at the very same time, your future. As one of the fastest-growing B2B SaaS companies in Europe, we raised $125 million in ‘Series D’ funding in January 2021, making Personio the most valuable HR technology company in Europe. We have a great product and a fantastic team that will double in 2021, from 500 to 1,000. We already have more than 3,000 customers in a market that is only waiting to be developed further, but we aim high: our goal is to build the leading HR platform in Europe.

At Personio, we believe in hiring people like you - ambitious, forward thinkers who want to be more than just another employee. Will you be one of them?