Komoot is an app that lets you find, plan, and share adventures. Driven by a desire to explore, and powered by the outdoor community’s recommendations, it’s Komoot’s mission to inspire great adventures and make them accessible to all. And we’re good at what we do: Google and Apple have listed us as one of their Apps of the Year numerous times!
Today, with over 25 million users and 200,000 five-star reviews, Komoot is well on its way to becoming the most popular cycling and hiking app for people who love adventures worldwide.
Join our fully remote team and change the way people explore!
About the role
At komoot, we strongly believe in the power of automation. Written rules are good, automated security checks are better. As a cloud security engineer at komoot, you’ll take care of our AWS and Google Cloud organizations. You manage accounts/projects, users, roles, and permissions. You build and maintain security scanning tools and prepare for possible attacks. Together with the software development teams, you extend our CI/CD pipelines with compliance rules for permissions, backups, and encryption.
Ready for your next adventure?
What you will do
Build automation to continuously assess security risks around our AWS/Google Cloud infrastructure and the other SaaS tools we integrate with, such as GitHub
Triage reports from our bug-bounty program with the development teams and coordinate a responsible disclosure with the reporters
Organize pen-testing and audits of our software and infrastructure
Define security requirements (encryption, backups, data retention, …) together with our backend and web teams and automate their enforcement
Extend our CI/CD process with automatic security scanning for vulnerable dependencies, static code analysis, and compliance checks
Support new projects and features early in the process with your expertise; create security requirements and test cases where needed
Why you will love it
You’ll work in a flat hierarchy structure, where ideas are heard and implemented without multiple levels of gatekeeping.
You have the freedom to organize yourself the way you work best, using the tools you love.
With 25+ million users from our own apps and external integrations, we face massive traffic and continuous attempts to find vulnerabilities.
You join a new team with the opportunity to influence and design new approaches and processes.
Your effort matters: You will protect the personal data of millions of cyclists, hikers, and outdoor enthusiasts all over the world.
We let you work from wherever you want, be it a beach, the mountains, our headquarters in Potsdam, or anywhere that lies between the time zones UTC-1 and UTC+3.
You’ll travel with our team to amazing outdoor places several times a year (when safe) to exchange ideas, learnings and go for hikes and rides. Check out this video to find out more about our team.
You will be successful in this position if you
Have 3+ years of experience managing AWS organizations. You know the ins and outs of AWS when it comes to security.
Have 3+ years of experience securing a typical web-stack environment – you’re familiar with typical risks in development and operations, and how to address them
Are not afraid of using Wireshark to debug an issue
Are highly self-driven, responsible and keen to learn and improve
Have solid programming skills for automation in Python and Bash
Java development and OAuth2 experience is a plus
Sound like you?
We would love to hear from you! Please send us the following:
Your CV in English highlighting your most relevant experience
A write-up explaining who you are and why you are interested in working at komoot
Feel free to send us something that shows us a little more about what you’re interested in, be it your account on GitHub, Twitter, Instagram, Medium or your blog.
Curious to find out more about our recruitment process?