Apaleo's API-first property management platform empowers accommodation providers to design a technology stack that creates unique digital guest & staff experiences. The Apaleo Store enables integrations to hundreds of apps to streamline operations, enhance the guest journey and maximize revenue.

Our open platform consists of 35+ microservices that communicate mainly via Kafka. We also use bleeding edge technologies: .NET, Amazon SQS, PostgreSQL, Terraform, DataDog, Docker, and deployment ECS.

At Apaleo, you will work on building a great product and see it in action, helping customers all over the world to have the best digital environment that fits their needs. Are you up for the challenge? We’re looking for a Principal Product Security Engineer (f/m/d) to join our team!

What You’ll Be Up To:

• Implement security control that prevents misconfigurations of cloud resources, and security observability of best practices about cloud infrastructure;
• Write efficient, maintainable and testable code;
• Leverage your knowledge to conduct reviews, threat modelling and code reviews on applications and relevant supporting services and tools;
• Implement security services, automation, and monitoring tools to protect Apaleo services: ranging from CI pipelines and ending with security checks in production environments to production microservices that enforce security;
• Create relevant documentation and metrics for your stakeholders and business leaders, and deliver these in a clear, concise manner;
• Develop innovative and scalable tools, solutions, and processes to detect security threats and threats to data security;
• Participate in security operations, responding to security incidents and providing security expertise for Apaleo customers and internal stakeholders;
• Proven track record of experience with AWS and container orchestration. Experience with ECS would be a plus;
• Experience with any paradigm of Infrastructure-as-Code (IaC), preferably Terraform.

Your Skills:

• BS in Computer Science, Information Security, or equivalent professional experience;
• More than 3 years of experience in areas such as application security, offensive security, systems security, and/or incident response;
• Strong debugging and problem-solving skills;
• A clear understanding of the balance between security and user friction;
• Understanding of security vulnerabilities, threat modelling, attacker exploit techniques, and methods for remediation;
• Understanding of best practices in security engineering, including secure development, cryptography, security operations, systems security, policy, and incident response;
• Excellent English written and verbal communication skills and the ability to adapt messaging to executive, technical, and non-technical audiences;
• Communicated to stakeholders, providing advice on vulnerability remediation and risk mitigation;
• Mentored engineering team members on the application of security best practices during the conceptualization and implementation of new Apaleo features;
• Knowledge of at least one programming language and scripting skills (C#/.Net);
• Experience with the implementation of security tools and practices in modern, cloud-native environments for customer-facing web-based applications.

What You Will Get From Us:

At Apaleo, you will join a thriving work environment, a start-up in the hotel industry located in Munich, with an international team. You will be a part of an exciting, open, and agile team, where your voice matters and has a company-wide impact. We create a highly attractive product that enables us to see the inspiring materialised end result. We are committed to building a diverse and inclusive environment for everybody: our team is composed of more than 20 nationalities, with different backgrounds and perspectives.

*We are an Equal Opportunity and Affirmative Action Employer, who encourages applications from all qualified individuals without regard to color, race, religion, gender identity, sex, gender expression, national origin, age, marital status, disability, or other non-work-related factors.