Application Security (AppSec) Specialist - Freelance/B2B Contract

Location: Berlin, Aschaffenburg, Düsseldorf/Dortmund (Onsite once a week in any of these locations)
Contract Type: Freelance/B2B
Contract Length: Initial 3-6 months (with high likelihood of extension)
Industry: Energy Software Development

We are looking for a skilled Application Security (AppSec) Specialist to join our team and lead the implementation of a robust application security framework from the ground up. You will play a pivotal role in securing our energy software products, driving organizational change, and embedding security principles into the development lifecycle.

Key Responsibilities:

- End-to-End AppSec Implementation: Design, develop, and implement a comprehensive application security program from scratch, tailored to the unique needs of a major energy software development project.
- Security Integration: Embed security best practices throughout the software development lifecycle (SDLC), working closely with development, DevOps, and QA teams.
- Organizational Change Management: Lead the cultural and procedural shift towards a security-first mindset, ensuring company-wide buy-in and adoption of application security practices.
- Vulnerability Management: Establish processes for identifying, mitigating, and managing application vulnerabilities, including threat modeling, code reviews, and penetration testing.
- Security Tools: Evaluate and integrate relevant security tools (e.g., SAST, DAST, RASP) to ensure continuous monitoring and protection of applications.
- Collaboration: Act as a security advisor to engineering teams, providing training, guidance, and best practices for secure coding and design.

Required Skills & Experience:

- Deep expertise in Application Security (AppSec), with a proven track record of implementing security frameworks from the ground up.
- Strong understanding of secure coding practices, OWASP Top 10, SAST/DAST tools, and modern development frameworks.
- Experience in managing organizational change related to security transformations.
- Hands-on experience with vulnerability assessment, threat modeling, and penetration testing.
- Excellent collaboration and communication skills to work with technical and non-technical stakeholders.
- Fluency in English is required, and German speaking is a plus.

Preferred Qualifications:

- Experience working in large-scale software development, especially within the energy or tech sector.
- Familiarity with DevSecOps practices and security automation tools.