Senior Application & Product Security Engineer (all genders)

 

.Your Learning Journey in This Role

We are seeking a Senior Application Security Engineer to build and drive our application and product security program from the ground up. As a software development company specializing in language learning, our platform is central to our business, and securing it is critical to maintaining user trust, product reliability, and operational resilience.

This is the first dedicated application security position in the organization. You'll have the opportunity to shape how we approach security across our products and platform from day one. Reporting to the Director of Information Security and internal IT, you will have the ownership and visibility to build a program that scales with the company.

How You’ll Make an Impact

• Build, maintain, and continuously evolve the application and product security program.
• Partner with engineering, product, and platform teams to embed security into the development lifecycle, improve our cloud security posture, and identify risks early with pragmatic solutions.
• Lead threat modeling throughout the development lifecycle to identify and mitigate risks in new features, architectural changes, and existing systems.
• Define and implement secure coding standards, conduct and guide secure code reviews, deliver developer training and best practices.
• Design and manage security automation across the SDLC, including automated scanning, security gates in CI/CD pipelines, policy-as-code enforcement, and software supply chain security.
• Own the vulnerability lifecycle, detection, triage, prioritization, and remediation, while monitoring emerging threats and industry trends relevant to our technology stack.
• Lead application-layer incident response when security issues arise.
• Drive secure AI adoption across the organization by working closely with engineering teams to establish a framework for the responsible and secure use of AI deployments, AI agents, and MCP servers, ensuring security keeps pace with evolving AI capabilities and integrations.

 

Your Skills and Qualifications

Must-Have Skills:

• Strong experience in application security, product security, or software security engineering roles.
• Solid understanding of modern software development practices, cloud-native architectures (APIs, containers, serverless), and cloud platforms (e.g., AWS, GCP, Azure).
• Hands-on experience with secure coding principles, common vulnerability classes (e.g., OWASP Top 10), and secure code reviews.
• Proficiency with security tooling across the SDLC; SAST, DAST, SCA, CSPM, secrets scanning, and CI/CD security automation.
• Experience performing threat modeling and delivering actionable recommendations.
• Familiarity with securing AI/ML systems, LLM integrations, or agentic AI architectures.
• Strong communication skills with the ability to partner with engineers, contribute to architectural discussions, and explain security concepts to non-technical stakeholders.

Nice to Have:

• Background as a software engineer or developer.
• Experience with Infrastructure as Code (e.g., Terraform) and CI/CD automation (e.g., GitHub Actions).
• Experience in a product-led or agile development environment.
• Knowledge of regulatory or certification frameworks (e.g., ISO 27001).

Some perks of becoming a Babbelonian:

• Enjoy 30 vacation days. Plus family and life situation counseling.
• Set up the right schedule for you with flexible working hours and enjoy Jobbatical (up to 3 months working inside the EU and the UK), plus work from our fully equipped office with nap, faith and family rooms. 
• Learn and grow with the internal learning opportunities, and use a yearly learning & development budget for external training. Learn languages with Babbel for free with your full access to Babbel.
• Take advantage of your mobility benefits options and a discounted Urban Sports Club membership.
• Be part of our DE&I Community Networks (such as FLINTA in Tech, and Queer Collective), attend cultural and regular social events.

Please note that our company’s operating language is English so you will need to be able to work in English.

Diversity at Babbel

As part of our ongoing journey towards building a diverse, equitable and inclusive company, we welcome everyone to apply, especially those individuals who are underrepresented in tech. We are a learning company, inside and out, and we encourage you to apply even if you do not fit all the technical requirements - all candidates are assessed based on skills, qualifications and on our business needs. Please state your pronouns in your application, and let us know if you’d like to be addressed by a name other than the one appearing on your official documents. If you have a disability or special need, feel welcome to inform us, so that we can provide you with the proper assistance in the application process.

Sounds good? We are already looking forward to hearing from you! Check out also our jobs page, our blog and our techblog to get an impression about #lifeatbabbel!