Product Security Engineer (m/f/d)
About Redcare Pharmacy:
As Europe’s No.1 e-pharmacy, Redcare Pharmacy is powered by passionate teams and cutting-edge innovation. We strive to create a healthy, collaborative work environment where every employee feels valued and inspired to contribute to our vision “Until every human has their health”. If you’re seeking a career that offers purpose and aligns with your values, join us and begin your #Redcareer today.
About the role:
The Product Security Engineer at Redcare will ensure that security is seamlessly integrated into all stages of the software development lifecycle (SDLC), safeguarding the organization’s custom-built software. This role is pivotal in driving a security-first mindset, aligning with Redcare’s goal to be data-driven and KPI-centric. Working closely with Product, Engineering, and Compliance & Governance teams, the Product Security Engineer will develop and implement strategies to protect customer data, meet regulatory requirements, and mitigate security risks across all digital and physical platforms. A key contribution will be to quantify the state of security.
* Strategic Security Integration: Collaborate with Engineering to embed secure design principles across the online shops, native apps, AdTech/MarTech platforms, and other custom-built software. Implement security testing tools (SAST, DAST, IAST, SCA).
* Security Audits: Perform security architecture reviews, threat modelling, and code analysis to identify and mitigate vulnerabilities early. As the single point of contact, plan and steer security audits in collaboration with IT Governance and ensure alignment of the product roadmap for fast mitigation.
* Vulnerability Management, Threat Detection and Risk Mitigation: Lead proactive vulnerability identification and management, ensuring risks are remediated efficiently. Use tools like Nessus, Qualys, or similar, for continuous scanning, result interpretation, and mitigation. Design, maintain, and execute incident response protocols, coordinating with engineering and governance during product security incidents.
* Data Protection and Compliance: Work with Product Analytics and IT Compliance teams to ensure adherence to regulations like GDPR and PCI-DSS. Be accountable for steering customer data security and privacy across personalization, search, and sponsored product features in the department.
* Collaboration and Security Awareness: Partner with Engineering Managers, QA Leads, IT Operations and SRE teams to integrate fast and reliable security testing into development and continuous deployment pipelines. Drive education and training for developers on secure coding practices and threat awareness, covering topics like OWASP Top 10, secure APIs, and compliance.
* Metrics and Continuous Improvement: Quantify the state of security by defining relevant metrics and driving their adoption through the entire engineering organization.
About you:
* Proven experience in product security, cybersecurity, securing APIs and related fields. Strong skills in vulnerability management tools, secure code review, and automation frameworks.
* Deep understanding of secure software development lifecycle, application security, DevSecOps practices, integrating security into CI/CD pipelines and cloud-native security practices. Proven ability to collaborate with DevOps, engineering, and security teams to promote a security-first mindset.
* Familiarity with data protection regulations (e.g., GDPR) and their application in software development.
* Strong coding and scripting skills in at least one of the following:
  * Python, Bash, or PowerShell for security automation, log analysis, and tool integration.
  * Java or Node.js for secure, high-performance systems and tools, and API and backend development.
  * Infrastructure automation languages such as Terraform HCL or Ansible YAML.
* Knowledge of secure coding practices and the OWASP Top 10.
* Exceptional problem-solving and communication skills, with the ability to educate and influence cross-functional teams.
About your benefits:
In order to provide our employees with the best possible support for their individual needs, we offer a wide range of benefits:
* Sports: Stay healthy. Profit from a membership (M) package at Urban Sports Club, so that you can take advantage of a huge variety of sport offers.
* Mental Health: Get quick and professional help from psychologists of Likeminded if you feel overwhelmed in private or professional life. Anonymous and free of charge.
* Work from Home: If your job does not require you to be present in the office, we can arrange the place you work from individually - even for up to 20 days a year anywhere in the EU.
* Mobility: We provide our employees with a fully costed Deutschland Ticket which can be used at any time.
* Personal development: Grow! We support and encourage your individual development through various in- and external trainings.
* And many more :)
Remote work policy:
Our offices are open, but you are free to work from home, from any location in Germany. It is entirely up to you if you want to pop into the office every now and again, or if you work from home all the time. At the same time, we value the relationships between all members of the area, and therefore we have regular team and area anchor days on which every team member is asked to come to the office.