Staff Security Engineer, Product Security team (all genders)
Delivery Hero
Description
Company Description
As the world’s pioneering local delivery platform, our mission is to deliver an amazing experience, fast, easy, and to your door. We operate in around 65 countries worldwide, powered by tech and designed by people. One of Europe’s largest tech platforms, headquartered in Berlin, Germany, Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index. We enable creative minds to deliver solutions that create impact within our ecosystem. We move fast, take action and adapt. No matter where you're from or what you believe in, we build, we deliver, we lead. We are Delivery Hero.
Job Description
We are looking for a Staff Security Engineer (all genders) to join our Product Security team on our journey to always deliver amazing experiences.
We are looking for a pragmatic, high-impact individual contributor to join our Product Security team as a Staff Product Security Engineer (IC4). In this pivotal role, you will drive the overarching technical strategy for application security, ensuring we reduce real-world risk across our entire product landscape without slowing down engineering velocity.
You will champion a "Secure by Design" philosophy, moving away from reactive auditing and security gatekeeping. Instead, you will treat security as a collaborative engineering challenge, designing the automated guardrails, developer tooling, and technical frameworks that enable our engineering teams to scale rapidly and securely by default. As a Staff-level individual contributor, your leadership will extend beyond the immediate product boundaries and you will achieve domain-wide impact by seamlessly bridging the gap between Application Security, AI/ML security, Infrastructure Security, and Security Operations.
Your mission:
- Drive Product Security Maturity: Drive the strategic technical roadmap for the Product Security team, ensuring threat-modeling methodologies and secure coding practices scale efficiently across our global web and mobile application ecosystem.
- Lead Threat Modeling & Security Architecture Reviews: Apply your expertise to identify complex security design flaws early in the Software Development Life Cycle (SDLC) using frameworks and automation tools, co-authoring architectural blueprints that are secure by default.
- Scale Vulnerability Management & Governance: Architect and run our vulnerability management program at scale. You will ingest inputs from internal testing, automated tooling, and external Bug Bounty / Vulnerability Disclosure Programs, systematically validating and ranking vulnerabilities based on actual business risk.
- Master Stakeholder Management: Translate complex software and AI-related vulnerabilities into clear, actionable business risks, partnering closely with engineering leadership and product verticals to drive timely remediation without friction, while systematically tracking and optimizing metrics such as Mean Time to Remediate (MTTR) and SLA Adherence % to elevate our overall security posture.
- Automate DevSecOps & CI/CD Pipelines: Replace manual gates with seamless DevSecOps workflows, embedding automated security testing tools (SAST, DAST, SCA) directly into developer pipelines to catch high-risk flaws early.
- Pioneer AI-Driven Security Automation: Champion the adoption of artificial intelligence and LLMs to revolutionize our security workflows. You will design and implement cutting-edge AI-powered code security automation, leverage AI for automated vulnerability triage, and build smart security automation guardrails that scale engineering productivity.
- Cross-Domain Collaboration & CSPM Management: Drive domain-wide impact by collaborating with Infrastructure Security to leverage Cloud Security Posture Management (CSPM) platforms, ensuring that application vulnerabilities are contextualized with cloud risk. Partner with Security Operations (Detection & Response) to ensure proper appl