Application Security Engineer (m/f/d) in Konstanz or Berlin
TLDR
Enhance application security across KNIME by embedding security standards into the software development lifecycle, while collaborating with various teams to manage vulnerabilities.
Mission
Strengthen and scale application security practices across KNIME, ensuring that products used by thousands of data professionals and Fortune 500 companies meet enterprise-grade security standards.
Role Overview
As Application Security Engineer, you will be the driving force behind security awareness, enablement, and engineering across KNIME's software development organization. You'll embed security by design into the SDLC, manage supply chain and vulnerability risks, and collaborate closely with engineers, architects, DevSecOps, and IT/ISMS teams to continuously raise the security bar.
Responsibilities
- Raise awareness of software security across KNIME, especially within the software development organization
- Organize and lead internal trainings and workshops on security topics such as OWASP Top Ten
- Partner with software architects and engineering teams to embed security best practices early in the SDLC
- Track usage of third-party libraries through SBOM technologies, validate security issues, and ensure timely remediation
- Improve automated tooling and processes for enhancing security posture together with the DevSecOps team and engineering leaders
- Conduct periodic internal penetration tests and coordinate external penetration tests including follow-up and issue tracking
- Collaborate with IT and ISMS teams on compliance and certification topics such as ISO 27001 and SoC2
Requirements
- Degree in Computer Science or a related field
- 5+ years of experience as an Application Security Engineer
- Strong technical knowledge of supply chain security, authentication and authorization standards, common vulnerabilities, secure coding practices, and issue remediation
- Deep interest in software security research with up-to-date knowledge of emerging threats and best practices
- Solid understanding of modern web applications and microservice architectures
- DevSecOps and programming experience with ability to work closely with engineering teams
- Fluent in English; German is a plus
What Success Looks Like
- A security-aware engineering culture with teams consistently applying secure coding practices
- Robust supply chain and vulnerability management with timely remediation across the organization
- Enterprise-grade compliance maintained across ISO 27001, SoC2, and related certifications
- Continuously improving security posture supported by strong automated tooling and processes
- KNIME products trusted by enterprise customers as secure, reliable, and compliant
What we offer
Security with impact: Shape the security posture of products used by thousands of data professionals and Fortune 500 companies worldwide.
Ownership & influence: Define and elevate security standards across teams in a company where user trust and open-source principles matter.
Collaboration at depth: Work closely with experienced engineers, architects, and IT specialists in a transparent, international environment.
Learning: Continuous learning through hands-on challenges, peer exchange, and exposure to cutting-edge security and AI topics.
Sports: Subsidized gym memberships and sport courses in select locations.
Flexibility: Hybrid or remote options (depending on location) and flexible working hours to support your work-life balance.
Benefits
Flexible Work Hours
Flexible working hours to support your work-life balance.
Subsidized gym memberships
Subsidized gym memberships and sport courses in select locations.
KNIME AG develops data analytics software that enables users to clean, combine, and analyze their data efficiently without requiring coding skills. Our platform caters to a diverse range of industries, empowering individuals and teams to transform complex data challenges into actionable insights.