Komoot is an app that lets you find, plan, and share adventures. Driven by a desire to explore, and powered by the outdoor community’s recommendations, it’s komoot’s mission to inspire great adventures and make them accessible to all. And we’re good at what we do: Google and Apple have listed us as one of their Apps of the Year numerous times! Today, with over 19 million users and 100,000 five-star reviews, komoot is well on its way to becoming the most popular cycling and hiking app for people who love adventures worldwide.
Join our fully remote team and change the way people explore!
About the role
At komoot we strongly believe in the power of automation. Written rules are good, automated security checks are better. As a security engineer at komoot you’ll mainly support our product development teams but also other teams in the company in finding, evaluating and mitigating current security risks. You’ll help them to improve processes in software development in order to avoid security issues early (shift-left). You’ll build reporting tools in order to get a holistic understanding of security risks at komoot.
Ready for your next adventure?
What you will do
- Manage our bug-bounty program, triage reports with the teams and coordinate a responsible disclosure with the reporters
- Organize pen-testing, audits or company-wide phishing or training events
- Support feature-development early in the process with your expertise. Create security requirements and test cases where needed.
- Establish processes with development teams to find, prioritize and fix vulnerabilities in their codebase.
- Extend our CI/CD pipelines with automatic security scanning for vulnerable dependencies, static code analysis and compliance checks
- Review, understand and control data sharing and permissions between Google Workspace, Trello, Slack and further add-ons
- Create a security strategy for our remote MacBooks and Chrome instances
- Support your colleagues when questions arise around phishing or malware.
Why you will love it
- You’ll work in a flat hierarchy structure, where ideas are heard and implemented without multiple levels of gatekeeping.
- You have the freedom to organize yourself the way you work best, using the tools you love.
- You join a new team with the opportunity to influence future approaches and processes.
- Your effort matters: You will protect the personal data of millions of cyclists, hikers and outdoor enthusiasts all over the world.
- We let you work from wherever you want, be it a beach, the mountains, our headquarters in Potsdam or anywhere that lies between the time zones UTC-1 and UTC+3.
- You’ll travel with our team to amazing outdoor places several times a year (when safe) to exchange ideas, learnings and go for hikes and rides. Check out this video to find out more about our team.
You will be successful if you
- Have excellent communication skills. You can explain security risks to developers, product managers and the CEO
- Are highly self-driven, responsible and keen to learn and improve
- Have been responsible for security in a high-traffic environment for 3+ years – you’re familiar with typical risks in development and operations, and know how to address them
- Have solid programming skills for automation in Python and Bash
- AWS and Google Cloud experience is a plus
Sound like you?
Great, we would love to hear from you! Please send us the following:
- Your CV in English highlighting your most relevant experience
- A write-up explaining who you are and why you are interested in working at komoot
- Feel free to send us something that shows us a little more about what you’re interested in, be it your account on GitHub, Twitter, Instagram, Medium or your blog.
At komoot we want to make great adventures accessible to everyone. We support diversity and inclusivity within the outdoors and welcome all prospective applicants.
We have a rolling recruitment process. If this role is online it means it’s still open. We’re accepting applications and actively looking for the perfect candidate. Is it you?