Staff Security Engineer

foodpanda,a leading local delivery platform within the Delivery Hero Group, is dedicated to revolutionizing the food delivery experience by making it fast, easy, and accessible to customers' doorsteps. Operating across more than 70 countries worldwide, the company leverages cutting-edge technology to connect hungry customers with their favorite local restaurants, ensuring seamless and reliable delivery services. This global presence underscores the dynamic and innovative environment in which our security team operates.

About the Role

As a Staff Security Engineer, you will play a pivotal role in safeguarding our technology infrastructure and data assets. You will be responsible for implementing and maintaining robust security measures to protect our systems, applications, and sensitive information from evolving threats and vulnerabilities. This position offers the opportunity to contribute directly to the security posture of a rapidly growing global platform.

Key Responsibilities

• Design, implement, and manage security controls and solutions for our application and infrastructure environments.
• Conduct security assessments, vulnerability scans, and penetration testing to identify and remediate security weaknesses.
• Develop and enforce security policies, standards, and procedures aligned with industry best practices and regulatory requirements.
• Investigate security incidents, lead response efforts, and contribute to post-incident analysis and remediation plans.
• Collaborate with development teams to integrate security into the software development lifecycle (SDLC) through secure coding practices and architecture reviews.
• Stay abreast of emerging security threats and technologies to proactively enhance our defensive capabilities.

Requirements

• Proven experience in a security engineering role, ideally within a technology-driven environment.
• Strong understanding of network security, cloud security (AWS, Azure, or GCP), and application security principles.
• Experience with vulnerability management, threat detection, and incident response processes.
• Knowledge of security frameworks (e.g., NIST, ISO 27001) and compliance standards (e.g., GDPR, PCI-DSS).
• Excellent problem-solving skills and the ability to communicate complex security concepts effectively to technical and non-technical audiences.
• Relevant certifications (e.g., CISSP, CISM, GCIH, or equivalent) are a plus.