Security Engineer

Join a team that's building the core digital infrastructure for a leading German health-tech platform. Our client pioneered the country's first digital sick note and has since become a trusted provider of digital care services.

We’re looking for a hands-on Security Specialist who doesn’t just “advise”, but actually helps shape how security is built into the architecture, code, and infrastructure. You should be comfortable working test-first, doing careful, low-risk refactors, and using patterns only when they genuinely help (not because “it’s best practice”).

We're looking for someone to join ASAP! :)

Our perks

• work environment with zero micromanagement - we cherish autonomy
• 100% remote work, recruitment & onboarding
• experienced team from 4 to 15+ years in commercial projects
• unique memes& pets channel
• private medical insurance and sports card
• we want you to join our team. We are neither the agency giving you projects from time to time, nor huge corporation where you are a "dev XYZ". At Idego - you matter!

Codzienne zadania

• Conducting practical penetration tests (Node.js/TypeScript, API, iOS/Android) using tools such as Burp Suite
• Identifying and remediating vulnerabilities (e.g., authorization bypass, injection, deserialization flaws)
• Defining and implementing secure API standards (JWT/OAuth, TLS/mTLS, validation, rate limiting, CORS)
• Hardening infrastructure (Kubernetes/GCP, Postgres, Redis/BullMQ) and securing mobile applications
• Creating and continuously improving Secure SDLC practices (threat modeling, code reviews, SAST/DAST in CI/CD)
• Implementing automated monitoring (eBPF, Falco) and supporting incident response
• Collaborating on GDPR, ISO 27001, and SOC 2 initiatives
• Write clean, testable code that's easy to understand and maintain across our products

Must have

• Node.js
• TypeScript
• GCP
• OWASP
• Cloud security
• Kubernetes
• API
• Security