Offensive Security Engineer

You will perform deep-dive penetration tests across web applications, APIs, and infrastructure to uncover high-impact security issues. You will develop proof-of-concept exploits and partner with engineers to provide remediation guidance and validate fixes. You will lead architectural reviews and threat modelling, build offensive tools and automation, and research emerging attack vectors and adversary techniques.

Responsibilities

• Perform deep-dive penetration tests across web applications, APIs, and infrastructure
• Develop proof-of-concept exploits to demonstrate vulnerabilities
• Partner with developers to provide technical remediation strategies and validate fixes
• Lead architectural reviews and threat modeling sessions early in the SDLC
• Build and integrate custom offensive tools and scripts into the development pipeline
• Research emerging attack vectors, zero-day vulnerabilities, and advanced adversary techniques

Requirements

• 4+ years of experience in application or product security testing
• Knowledge of common vulnerabilities including OWASP Top 10 and SANS 25
• Experience translating technical risks into actionable business insights
• Familiarity with exploit development and proof-of-concept creation
• Certifications such as OSCP, BSCP, OSCE, GPEN, or OSWE are beneficial
• Curiosity and drive to build, break, and secure large-scale systems

Benefits

• Hybrid working model with flexibility to work remotely and onsite
• 25 days per year to work from a city or country of your choice
• Participation in the stock option plan
• Confidential coaching, counselling, and mental health resources via OpenUP
• 3 additional days off in 2026
• Unlimited access to Udemy course library
• Discounts, rewards, and perks from partners worldwide
• 8 weeks gender-neutral new parent leave
• Free onsite dining in Vienna, Bucharest, Barcelona, and Berlin
• Recognition and rewards for tenure
• Company events and branded merchandise