Job Description
Too much data, not enough insight?
We get it. At KNIME, we build software that helps people clean, combine, and understand their data:
fast, efficiently, and without code. And with our focus on Data Analytics & AI, we empower everyone
to turn complex challenges into clear, actionable insights.
You can help make that happen.
We’re not just an open-source data analytics company, we’re a fast-growing, globally recognized
pioneer at the intersection of data and AI. With users in every industry and an international team
from 30+ nationalities as well as a thriving open community.
Join us as an Application Security Engineer in Berlin or Konstanz and help us strengthen and scale
our application security practices across the organization.
Who you are
Experienced: You hold a degree in Computer Science or a related field and at least five years of
experience as an Application Security Engineer.
Security-focused: You bring strong technical knowledge of supply chain topics, authentication and
authorization standards, common vulnerabilities, secure coding practices, and issue remediation.
Research-driven: You have a deep interest in software security research and stay up to date with
emerging threats, tools, and best practices.
Architecturally strong: You understand modern web applications and microservice architectures and
know how to embed security by design.
Hands-on developer: You have DevSecOps and programming experience and feel comfortable
working closely with engineering teams.
Communicative: You are fluent in English (written and spoken); German is a plus. You can explain
complex security topics clearly and pragmatically.
That's the job
Security awareness: Raise awareness of software security across KNIME, especially within the
software development organization.
Training & enablement: Organize and lead internal trainings and workshops on security topics (e.g.,
OWASP Top Ten), empowering teams to build secure software from the start.
Architecture collaboration: Partner closely with software architects and engineering teams to ensure
security best practices are consistently applied and as early as possible in the SDLC.
Supply chain and vulnerability management: Track usage of third-party libraries through SBOM
technologies, validate security issues, and work with engineering team to ensure timely remediation.
Tools and processes: Improve automated tooling and processes for enhancing our security posture
together with the DevSecOps team and engineering leaders.
Penetration testing: Conduct periodic internal penetration tests of our software and infrastructure
and coordinate external penetration tests including follow-up and issue tracking.
Compliance & certification: Collaborate with IT and the ISMS teams on security, compliance, and
certification topics (e.g. ISO 27001 and SoC2) to ensure our products and services meet enterprise-
grade standards.
What we offer
Security with impact: Shape the security posture of products used by thousands of data
professionals and Fortune 500 companies worldwide.
Ownership & influence: Define and elevate security standards across teams in a company where
user trust and open-source principles matter.
Collaboration at depth: Work closely with experienced engineers, architects, and IT specialists in a
transparent, international environment.
Learning: Continuous learning through hands-on challenges, peer exchange, and exposure to cutting-
edge security and AI topics.
Sports: Subsidized gym memberships and sport courses in select locations.
Flexibility: Hybrid or remote options (depending on location) and flexible working hours to support
your work-life balance.
