Senior Application & Product Security Engineer (all genders)

.Your Learning Journey in This Role

We are seeking a Senior Application Security Engineer to build and drive our application and product security program from the ground up. As a software development company specializing in language learning, our platform is central to our business, and securing it is critical to maintaining user trust, product reliability, and operational resilience.

This is the first dedicated application security position in the organization. You'll have the opportunity to shape how we approach security across our products and platform from day one. Reporting to the Director of Information Security and internal IT, you will have the ownership and visibility to build a program that scales with the company.

How You’ll Make an Impact

• Build, maintain, and continuously evolve the application and product security program.
• Partner with engineering, product, and platform teams to embed security into the development lifecycle, improve our cloud security posture, and identify risks early with pragmatic solutions.
• Lead threat modeling throughout the development lifecycle to identify and mitigate risks in new features, architectural changes, and existing systems.
• Define and implement secure coding standards, conduct and guide secure code reviews, deliver developer training and best practices.
• Design and manage security automation across the SDLC, including automated scanning, security gates in CI/CD pipelines, policy-as-code enforcement, and software supply chain security.
• Own the vulnerability lifecycle, detection, triage, prioritization, and remediation, while monitoring emerging threats and industry trends relevant to our technology stack.
• Lead application-layer incident response when security issues arise.
• Drive secure AI adoption across the organization by working closely with engineering teams to establish a framework for the responsible and secure use of AI deployments, AI agents, and MCP servers, ensuring security keeps pace with evolving AI capabilities and integrations.

Your Skills and Qualifications

Must-Have Skills:

• Strong experience in application security, product security, or software security engineering roles.
• Solid understanding of modern software development practices, cloud-native architectures (APIs, containers, serverless), and cloud platforms (e.g., AWS, GCP, Azure).
• Hands-on experience with secure coding principles, common vulnerability classes (e.g., OWASP Top 10), and secure code reviews.
• Proficiency with security tooling across the SDLC; SAST, DAST, SCA, CSPM, secrets scanning, and CI/CD security automation.
• Experience performing threat modeling and delivering actionable recommendations.
• Familiarity with securing AI/ML systems, LLM integrations, or agentic AI architectures.
• Strong communication skills with the ability to partner with engineers, contribute to architectural discussions, and explain security concepts to non-technical stakeholders.

Nice to Have:

• Background as a software engineer or developer.
• Experience with Infrastructure as Code (e.g., Terraform) and CI/CD automation (e.g., GitHub Actions).
• Experience in a product-led or agile development environment.
• Knowledge of regulatory or certification frameworks (e.g., ISO 27001).

Some perks of becoming a Babbelonian:

• Enjoy 30 vacation days. Plus family and life situation counseling.
• Set up the right schedule for you with flexible working hours and enjoy Jobbatical (up to 3 months working inside the EU and the UK), plus work from our fully equipped office with nap, faith and family rooms.
• Learn and grow with the internal learning opportunities, and use a yearly learning & development budget for external training. Learn languages with Babbel for free with your full access t