Senior Backend Security Engineer at komoot

Remote | International
Location: Anywhere between the time zones UTC-1 and UTC+3


Millions of people experience real-life adventures with our apps. We help people all over the world discover the best hiking and biking routes, empowering our users to explore more of the great outdoors. And we’re good at it: Google and Apple have listed us as one of their Apps of the Year numerous times—and, with more than 17 million users and 100,000 five-star reviews – komoot is on its way to becoming one of the most popular cycling and hiking platforms. Join our fully remote team of 70 people and change the way people explore!

About the role

At komoot we strongly believe in the power of automation. Written rules are good, automated security checks are better. As security engineer at komoot, you’ll join a team of backend developers who live and breathe the DevOps principle. We’re looking for a new team member who can complement our group with their `Sec` knowledge.

Ready for your next adventure?

What you will do (Tasks)

  • Extend our CI/CD process with automatic security scanning for vulnerable dependencies, static code analysis and compliance checks
  • Build, improve, and maintain core services like our OAuth2 API
  • Set-up rate-limiting, monitoring and alerting on infrastructure and services
  • Assist your fellow developers in understanding and mitigating security vulnerabilities
  • Manage our bug-bounty program, triage reports and coordinate a responsible disclosure
  • Assess, analyse and prioritize security risks across our (AWS) infrastructure

Why you will love it

  • You work on the global (AWS) infrastructure for one of the most popular consumer applications – komoot inspires millions of people to enjoy the great outdoors
  • We constantly re-iterate on our tech stack, improve automation and remove legacy implementations
  • We believe good ideas count more than job titles.
  • You’ll work in a small and supportive cross-functional team.
  • You’ll work together with enthusiastic engineers, who also love the outdoors.
  • You can work from wherever you want, be it a beach, the mountains, your house, co – working location of your choice, our HQ in Potsdam or anywhere else that lies in any time zone situated between UTC-1 and UTC+3
  • You’ll travel with our team to amazing outdoor places several times a year (when safe) to exchange ideas, learnings and go for hikes and rides. Check out this video to find out more about our team.


You will be successful in this position if you:

  • Are highly self-driven, responsible and keen to learn and improve
  • Have 5+ years of professional experience with AWS (including their organizations, compliance and security offerings)
  • Have been responsible for security in a typical web-stack environment for 3+ years – you’re familiar with typical risks in development and operations, and how to address them
  • Have deep knowledge of networking including tls and dns, and you’re not afraid to debug traffic with a network packet analyzer
  • Have professional experience with Infrastructure as Code, CI/CD, monitoring, logging and alerting
  • Have professional experience in developing distributed and resilient (containerized) web applications in AWS
  • Have experience with Java, Python or Kotlin.
  • Bonus: JavaScript / web programming experience
  • Are a great communicator in a diverse team

Sound like you?

Great, we would love to hear from you! Please send us the following:

  • Your CV in English highlighting your most relevant experience
  • A write-up explaining who you are and why you are interested in working at komoot
  • Feel free to send us something that shows us a little more about what you’re interested in, be it your account on GitHub, Twitter, Instagram, Medium or your blog.

At komoot we want to make great adventures accessible to everyone. We are committed to promoting diversity and inclusivity within the outdoors and welcome all prospective applicants.

Our recruitment process is on – rolling and if this role is online it means it is still opened and active and we are actively looking for a candidate.

See all Developer Jobs >

Sign up for Daily Remote Job Alerts!