Senior Cloud Security Engineer

About komoot

Komoot is an app that lets you find, plan, and share adventures. Driven by a desire to explore, and powered by the outdoor community’s recommendations, it’s komoot’s mission to inspire great adventures making them accessible to all. And we’re good at what we do: Google and Apple have listed us as one of their Apps of the Year numerous times!

Today, with over 25 million users and 200,000 five-star reviews, Komoot is well on its way to becoming the most popular app for finding, planning, and sharing adventures worldwide.

Join our fully remote team and change the way people explore!

About the role

At komoot we believe that security is an enabler for building a great B2C product. Our users trust us to store their sensitive information securely – anything from location data to photos of their family. In the role of (offensive) security engineer, you’ll join our small but growing security team, getting the opportunity to help us pioneer excellent security practices at komoot. Your challenge will be to find vulnerabilities in our AWS infrastructure, java/javascript applications and mobile apps, and fix them in priority order, in collaboration with komoot’s development teams.

Ready for your next adventure?

What you will do

• Develop emergency plans and exercises for security incidents
• Lead internal penetration testing and triage external bug bounty submissions
• Prioritise vulnerabilities by impact and probability, and mitigate them
• Identify and implement measures for early attack detection
• Continuously harden our CI/CD process and cloud infrastructure
• Plan and implement spam & fraud countermeasures
• Think like an attacker to remain one step ahead at all times
• Confidently communicate security vulnerabilities, and their severity with product owners

Why you will love it

• You’ll work with a truly inspiring product that brings real-life value to our users and empowers them to explore more of the great outdoors.
• We strive for honest security and enable our colleagues to do their best work.
• We strive for a modern tech stack to stay productive and face scaling challenges.
• We are a tech company with little organisational overhead, focusing on ownership and responsibility instead of micro-management and hierarchies.
• This is a remote role – you’re free to work from anywhere that lies between the time zones UTC-1 and UTC+3. Beach? The mountains? Or a co-working space (covered by us)?
• You’ll become part of a diverse, international team and you’ll travel with us (when safe) for team gatherings in amazing locations several times a year. Check out this playlist (https://bit.ly/39xtIrn) to find out more about how we stay close while being remote.

Requirements

You will be successful in this position if you

• Are highly self-driven, responsible and keen to learn and improve.
• Have 3+ years of professional experience in security engineering, penetration testing and/or red/blue teaming.
• Have experience with offensive security.
• Have experience with the security offerings of AWS. Google Cloud is a plus.
• See yourself and security in general as an enabler and not as a blocker.
• Have been responsible for security of a B2C product (web or mobile).
• Are a great communicator in a diverse team.
• Can find and mitigate vulnerabilities in Java, Python and Javascript code. You are fluent in one of these languages.

Sound like you?

We would love to hear from you! Please send us the following:

• Your CV in English highlighting your most relevant experience
• A write-up explaining who you are and why you are interested in working at komoot
• Feel free to send us something that shows us a little more about what you’re interested in, be it your account on GitHub, Twitter, Instagram, Medium or your blog.

Curious to find out more about our recruitment process?

• Find out more info here: https://www.komoot.com/jobs-process
• At komoot we want to make great adventures accessible to everyone. We support diversity and inclusivity within the outdoors and welcome all prospective applicants.
• We have a rolling recruitment process. If this role is online it means it’s still open. We’re accepting applications and actively looking for the perfect candidate. Is it you?

Benefits

Perks

• 38 days of vacation (incl. public holidays)
• Dedicated time and budget to spend on your professional development: classes, conferences, books – you decide!
• Discounts from leading outdoor and cycling brands
• Flexible working hours and ability to work from anywhere in Europe
• Three whole-company gatherings per year in beautiful locations
• Optional “togetherness” trips with your team
• Costs covered for your co-working space membership or your work from home office
• The latest devices and equipment to do your best work