Application Guide

How to Apply for Application Security Engineer at Kaluza

🏢 About Kaluza

Kaluza is at the forefront of the energy transition, providing intelligent software that empowers suppliers to drive decarbonisation. Their focus on AI and automation in security makes them an innovative leader in a critical industry, offering a chance to make a tangible environmental impact while working with cutting-edge technology.

About This Role

As an Application Security Engineer, you'll blend security expertise with a developer mindset to help engineers safely adopt AI and automate security tasks. You'll embed security early in the SDLC through threat modeling and secure-by-design, directly influencing how Kaluza builds and secures its energy platform.

💡 A Day in the Life

A typical day might start with a stand-up with your engineering team, followed by reviewing a threat model for a new feature with a product manager. You might then triage a vulnerability report from a SAST tool, write a script to automate remediation, and end the day by guiding a developer on secure API design for a GraphQL endpoint.

🎯 Who Kaluza Is Looking For

  • Has deep knowledge of OWASP Top 10, API Security (REST/GraphQL), and secure SDLC practices, with hands-on experience in cloud-native environments.
  • Possesses a developer mindset, comfortable coding in TypeScript and Go, and can integrate security tools into CI/CD pipelines (e.g., GitHub Actions).
  • Takes a consultative approach, able to explain complex security risks to non-technical stakeholders and guide teams toward pragmatic solutions.
  • Is excited about leveraging AI for security automation (e.g., vulnerability triage, remediation) and helping engineers adopt AI tools safely.

📝 Tips for Applying to Kaluza

1 Highlight specific examples of implementing SAST/DAST/SCA tools in CI/CD pipelines, especially with GitHub Actions, and how you improved fidelity while reducing noise.
2 Demonstrate your developer mindset by mentioning your experience with TypeScript and Go, and include code snippets or links to relevant projects.
3 Showcase your consultative skills by describing a time you explained a security risk to non-technical stakeholders and influenced a decision.
4 Emphasize any experience with AI in security, such as automating vulnerability triage or using AI tools for remediation, even if experimental.
5 Tailor your resume to include keywords like 'threat modeling', 'secure-by-design', 'API security', 'cloud-native', and 'vulnerability management' from the job description.

✉️ What to Emphasize in Your Cover Letter

  • Express enthusiasm for Kaluza's mission of driving decarbonisation and how your security skills can directly support that goal.
  • Highlight your ability to bridge the gap between security and engineering, using a consultative approach to embed security early.
  • Mention specific experience with AI in security automation and how you can help engineers adopt AI tools safely.
  • Provide a brief example of a time you reduced noise in security tooling or improved vulnerability management in an engineering team.

🔍 Research Before Applying

To stand out, do this research before applying:

  • Read Kaluza's blog or tech talks (if available) to understand their engineering culture and security challenges.
  • Research the energy industry's regulatory landscape (e.g., GDPR, NIS Directive) to understand compliance requirements.
  • Look into Kaluza's product offerings and how they help suppliers drive decarbonisation, to align your security recommendations with business goals.
  • Check if Kaluza has any open-source projects or security-related content on GitHub to get a sense of their tech stack and practices.

💬 Prepare for These Interview Topics

Based on this role, you may be asked about:

1 How would you implement and tune SAST/DAST/SCA tools in a CI/CD pipeline to increase fidelity and reduce false positives?
2 Describe your experience with threat modeling. Walk us through a recent example where you incorporated secure-by-design principles.
3 How do you approach explaining a complex security vulnerability to a product manager who has limited technical background?
4 What experience do you have with AI in security? How would you help engineers safely adopt AI tools?
5 Given Kaluza's cloud-native environment, how would you secure APIs (REST/GraphQL) and what tools would you recommend?

⚠️ Common Mistakes to Avoid

  • Don't focus only on theoretical security knowledge without showing practical implementation experience in CI/CD and cloud environments.
  • Avoid being too technical without demonstrating communication skills; the role requires explaining risks to non-security stakeholders.
  • Don't ignore the AI aspect; even if you have limited experience, show willingness to learn and experiment with AI for security automation.

📅 Application Timeline

This position is open until filled. However, we recommend applying as soon as possible as roles at mission-driven organizations tend to fill quickly.

Typical hiring timeline:

1 Application Review: 1-2 weeks
2 Initial Screening: Phone call or written assessment
3 Interviews: 1-2 rounds, usually virtual

Offer: Congratulations!

Ready to Apply?

Good luck with your application to Kaluza!