CISTEC AG

Zürich

Last month

Senior Application Security Engineer (80 - 100%)

  • 09 April 2026
  • 80 – 100%
  • Permanent position
  • Zürich

Job summary

Join CISTEC as a Senior Application Security Engineer and shape healthcare! Enjoy a collaborative culture with impactful projects.

Tasks

  • Lead Security Champions and promote knowledge sharing across teams.
  • Implement 'Shift-Left-Security' in the software development lifecycle.
  • Serve as the go-to for application security in agile teams.

Skills

  • Several years of experience in software engineering with web technologies.
  • Thorough understanding of IT security measures and standards.
  • Fluent in German; English and French are a plus.

Is this helpful?

About the job

Senior Application Security Engineer (80 – 100%)

Shape the future of healthcare with us.

At CISTEC, we develop and operate KISIM, one of Switzerland's leading clinical information systems. Our product supports medical professionals, nursing staff, and specialists in everyday clinical practice – from regional hospitals to university hospitals, from psychiatry to rehabilitation. What drives us is the conviction that good software relieves people and improves patient care.

Grow with us.

Since our beginnings with two employees, we have developed into a market-leading IT company with over 250 dedicated professionals – and we continue to grow. Here, competence, team spirit, and passion come together. If you want to be part of a success story that shapes Swiss healthcare daily, then you are exactly right with us.

Innovative together. For more time with people.

Your tasks

  • Professional leadership of our Security Champions, promotion of knowledge exchange, and co-responsibility for building our Security Champion guild, taking into account our internal security policies, best practices, and secure coding guidelines.
  • Establishment of "Shift-Left-Security" and early integration of security principles throughout the software development lifecycle.
  • Central contact person for all aspects of application security and advising our agile development teams on implementing secure software.
  • Participation in the implementation and validation of security measures in the codebases of our modern web apps (mobile, widescreen, desktop) within the extensive ecosystem of our clinical information system KISIM.
  • Leading threat modelling as well as supporting secure code reviews and analysis of external penetration tests.
  • Evaluation, implementation, and optimisation of our security tools (SAST, DAST, SCA) with integration into our CI/CD pipelines.

In this role, you work closely with the CISO, product owners, software architects, DevOps engineers, and developers to effectively implement security requirements.

Your profile

  • Several years of practical experience as a software engineer with web technologies (React, TypeScript, Node.js, GraphQL, GitLab CI, Argo CD, Kubernetes, and Postgres or comparable).
  • Completed studies in computer science, business informatics, or similar.
  • Solid experience in implementing IT security measures in software projects as well as confident handling of common security standards, attack scenarios, and tools (OWASP Top 10, SAST, DAST, SCA).
  • Knowledge of SaMD and ISO-81001-5-1 is an advantage.
  • Enjoy sharing your knowledge, coaching others, and driving initiatives independently. Initial experience in mentoring or leading a community of practice is a big plus.
  • Ability to explain complex technical matters clearly and convincingly at all levels.
  • Fluent German skills in spoken and written form; English and French are advantageous.

We offer you

Meaningful work with impact: You work on exciting projects at the interface of AI and healthcare – in an interdisciplinary team that creates real added value.

Innovative environment: Together we develop pioneering solutions that sustainably improve clinical everyday life – with tangible impact for health professionals.

Flexible working: Part-time work, flexible hours, and home office are a matter of course. After the probation period, you can work remotely up to four days a week.

Learning and innovation culture: We actively promote your further education and support you in attending specialist conferences and trade fairs. Flat hierarchies and an open, agile team environment create space for personal and professional development.

Attractive benefits: Enjoy 5 weeks of holiday per year. Unpaid leave is possible by arrangement.

Shared experiences: We celebrate successes together – at lunch barbecues, on snow days, or at our team and company events.

Application

Please send your complete application documents by e-mail to: moc.cetsic@gnubreweb

Note for recruiters and headhunters:

We kindly ask you not to send us applications from headhunters or recruitment agencies. Thank you for your understanding.

Diversity and inclusion:

CISTEC stands for equal opportunities and diversity. We welcome applications from all people regardless of personal characteristics or backgrounds.

Categories:

IT / Telecommunications, Testing / Audit / Release Management

Salary estimator

Try our salary estimator to better understand what you can aim for as a IT Security Engineer

Salary for IT Security Engineer