Product Security Engineer

About

Staffbase inspires people to achieve great things together. Our mission is to help organizations unlock the power of inspirational communication with the first AI-native Employee Experience Platform. Our industry-leading and award-winning agentic AI communications channels - intranet, employee app and email solutions - create engaging experiences that connect and empower employees.

Headquartered in Chemnitz, Germany and New York City, with offices in Berlin, London, Sydney, Tokyo, Prague, and Minneapolis–St. Paul, our diverse team of 750+ employees supports 2,000+ customers—reaching over 16.4 million employees—in transforming their employee experience.

We are proud to be a Unicorn company—privately valued at over $1 billion—demonstrating strong growth, innovation, and lasting impact in our industry. Together, we’re shaping the future of workplace communication.

At Staffbase, security is at the heart of everything we build. Our Product Security team helps keep our products and customer data secure while enabling engineering teams across the company. We believe the best security work happens when people bring their authentic selves and diverse perspectives to the table and we’re proud of the unique mix of talents and backgrounds in our team.

As an enablement team, we provide tools, guidance, and insights that allow developers to integrate security early in the development process. We see security not as a blocker but as a trusted partner that is the foundation for better products. With us, you’ll get hands-on experience with modern security practices, mentorship from experienced engineers, and the chance to make a visible impact in a global SaaS environment.

We work together with curiosity, humility, and a growth mindset, supporting each other, taking ownership of our contributions, and celebrating progress along the way. Here, your ideas matter, your work will shape how we build secure products, and you’ll have space to grow into new challenges.

Responsibilities

• Take ownership of tasks that improve our security automation and strengthen our product security pipelines
• Proactively explore the use of AI for vulnerability detection and remediation
• Continuously learn and share knowledge about how vulnerabilities apply in our specific product context
• Support the team by enhancing our services with software engineering solutions
• Collaborate closely with stakeholders across the product department and gain broad exposure to how a growing SaaS company operates
• Maintain our outbound e-mail security by regularly reviewing the related metrics
• Maintain our Web Application Firewall ruleset
• Maintain our central HTML sanitization service written in Typescript

Requirements

• Programming knowledge, preferably in one of: TypeScript, JavaScript, Kotlin, Java, Go, or Python
• Practical knowledge of Unix basics and Kubernetes infrastructure
• Practical knowledge of security topics (e.g. penetration testing, secure software development, vulnerability management, SAST, DAST) and curiosity to deepen this knowledge
• Experience with infrastructure-as-code, preferably via Terraform and Kustomize
• A structured and organized way of working with attention to detail
• Strong communication skills in English (German is a plus)