Personio

Security Engineer – Product Security (d/f/m)

On site

London, United Kingdom

Mid level

Full Time

03-02-2026


Skills

Communication, Leadership, Python, PHP, Go, Kotlin, Penetration Testing, Incident Response, Risk Management, CI/CD, Monitoring, SDLC, CI/CD Pipelines

Job Specifications

Personio's intelligent HR platform helps small and medium-sized organizations unlock the power of people by making complicated, time-consuming tasks simple and efficient. Our team of 1,500 Personios is building user-friendly products that delight our 15,000+ customers and their 1.5 million employees. Ready to make an impact from day one?

Location: Munich, Berlin or London

Office setup: 2 days per week in the office

About The Role

Security is a first‑class priority at Personio. As a Product Security Engineer, you will help embed security into everything we build, partnering closely with engineering teams to ensure our platforms are designed and developed securely from day one.

You’ll work hands‑on with product engineers across the organisation, balancing strong security standards with pragmatic, developer‑friendly solutions. From deep technical reviews to scalable tooling and education, your work will have a direct impact on the safety and trust of our products and customers.

What you’ll be doing

Security tooling and automation: Maintain and evolve our product security toolchain, including off‑the‑shelf tools and internal libraries, to integrate security seamlessly into development workflows.
Security reviews and advisory: Act as a trusted security partner to engineering teams through design reviews, code reviews, and ad‑hoc guidance, identifying risks early and preventing issues from reaching production.
Security education and enablement: Drive security awareness across engineering through the Security Champions programme, onboarding sessions for new joiners, and ongoing enablement initiatives.
Security operations support: Participate in security incident response, support internal stakeholders with security expertise, reproduce vulnerabilities, and occasionally conduct targeted internal penetration testing.
External partner management: Collaborate with security vendors and external researchers, manage bug bounty interactions, and coordinate penetration tests with clear scope and focus.
Security documentation and standards: Own and maintain security policies, best‑practice guidelines, and documentation, as well as metrics and reporting for stakeholders and leadership.
Vulnerability and risk management: Own the end‑to‑end vulnerability lifecycle, from discovery and triage through remediation tracking, risk acceptance, and reporting on overall security posture.

What you’ll need to succeed

Experience: 5+ years of hands‑on experience in product security, offensive security, systems security, or equivalent professional experience.
Security engineering fundamentals: Strong knowledge of secure‑by‑default design, least privilege, authentication and authorisation patterns, secrets management, dependency security, and security logging and monitoring.
Threat modelling and vulnerability analysis: Ability to assess real‑world exploitability and attack paths by reviewing code and technical documentation.
Pragmatic remediation skills: Experience guiding engineers on remediation strategies across multiple languages and frameworks (for example Go, Python, Kotlin, PHP).
Stakeholder collaboration: Proven ability to build trust with engineers and balance security needs with developer experience.
Communication skills: Fluent English, with the ability to translate complex security topics for technical, non‑technical, and executive audiences.
Secure SDLC experience: Hands‑on experience implementing and operating SAST, SCA, secrets scanning, vulnerability management platforms, and integrating them into CI/CD pipelines.
Ownership mindset: Proactive, comfortable with ambiguity, and able to prioritise effectively to maximise security impact.

Why Personio

Personio is an equal opportunities employer, committed to building an inclusive, values‑driven culture where everyone feels supported and empowered to do their best work.

We value in‑person collaboration while offering flexibility. This role is office‑based, with two days per week in your contracted office location. The remaining days can be worked from home or in the office, plus 20 Flex Days per year to work remotely from other locations.

In addition, we offer:

A competitive reward package, reviewed annually, including salary, benefits, and pre‑IPO equity
28 days of paid holiday, plus an extra day after 2 and 4 years
One fully paid Impact Day per year
Generous family leave, child support, mental health support, and sabbatical opportunities
Regular team events, cultural initiatives, healthy snacks, drinks, and weekly catered lunches

About the Company

Personio's Intelligent HR Platform helps small and medium-sized organizations unlock the power of people by making complicated, time-consuming tasks simple and efficient.