Staff Security Engineer (m,f,x)

<h2><strong>The role</strong></h2> <p>We are looking for a <strong>Staff Security Engineer</strong> to join the Security Tribe and help shape the next generation of security capabilities at HelloFresh.</p> <p>This is a senior individual contributor role for someone who is deeply technical, pragmatic, and builder-minded. You will work across <strong>Cloud Security, Application & Product Security, Offensive Security, and GenAI Security</strong>, with a strong focus on creating scalable internal security products, paved roads, guardrails, and self-service capabilities for HelloFresh teams.</p> <p>You will not only identify risks, but also build the systems, automation, and platforms that help engineering teams move faster and safer.</p> <p>Above all, we are looking for people who will <strong>make HelloFresh</strong> <strong>better.</strong> We believe there are many different ways of developing skills and we love diverse experiences! So even if you don’t “tick all the boxes” but think you’d thrive in this role, we would really like to learn more about you.</p> <h2><strong>What you’ll do</strong></h2> <ul> <li><strong>Own and elevate secure design and architecture at scale across HelloFresh</strong> — championing a security-by-design culture by defining, driving, and embedding robust architectural patterns, reference designs, and guardrails that enable teams to build secure systems by default across the organization.</li> <li>Define and drive security architecture across our cloud environments, with a strong focus on AWS, Kubernetes, IAM, network security, workload protection, secrets management, and secure-by-default infrastructure.</li> <li>Build and scale cloud security guardrails using automation, policy-as-code, Infrastructure as Code, and platform-native controls.</li> <li>Partner with engineering and product teams to embed security into the SDLC through threat modeling, secure design reviews, security testing, and developer-friendly remediation workflows.</li> <li>Build internal security products and capabilities that make security self-serviceable for HelloFresh employees and engineering teams.</li> <li>Lead initiatives across SAST, DAST, SCA, IaC scanning, secret detection, vulnerability management, and software supply chain security.</li> <li>Drive offensive security activities including penetration testing, adversary simulation, purple teaming, and validation of detection and response capabilities.</li> <li>Establish security patterns and controls for GenAI and AI/ML systems, including LLM applications, AI agents, RAG systems, model integrations, prompt injection risks, data leakage, and AI governance.</li> <li>Coordinate with external security