Werkstudent supporting information security management and business continuity projects for Syneco's energy operations. Engaging in the development and upkeep of management systems and reporting tools.
About the role
- Security Engineer leading internal penetration testing efforts to protect complex systems. Collaborating with SRE team to proactively hunt for weaknesses across applications, cloud infrastructure, and APIs.
Responsibilities
- Lead Internal Penetration Testing: Perform deep-dive manual and automated penetration tests on web applications, mobile apps, and microservices.
- Adversarial Emulation: Design and execute red-team scenarios to test the organization’s detection and response capabilities.
- Vulnerability Management & Exploitation: Beyond scanning, validate and exploit findings to demonstrate real-world risk and prioritize remediation for engineering teams.
- Secure Architecture Review: Conduct threat modeling and architectural "stress tests" to identify logic flaws in new features before a single line of code is deployed.
- Automated Offensive Tooling: Develop custom scripts and integrate offensive security tools (DAST, IAST) into the CI/CD pipeline to catch "low-hanging fruit" automatically.
- Remediation Advocacy: Partner with developers to provide "exploit-to-fix" guidance, ensuring they understand the how and why behind security patches.
- Incident Support: Act as a subject matter expert during security incidents to help analyze attack vectors and post-mortem findings.
Requirements
- 3+ years of specialized experience in Penetration Testing, Offensive Security, or Application Security.
- Expert-level proficiency with the "Hacker’s Toolkit": Burp Suite Professional, Metasploit, Nmap, SQLmap, and various proxy tools.
- Good Scripting Skills: Ability to write custom exploits or automation scripts in Python, Go, or Bash.
- Cloud & Container Expertise: Proven experience attacking/auditing Kubernetes environments, and containerized workloads.
- Deep Web Knowledge: Thorough understanding of OWASP Top 10, SANS Top 25, and common business logic vulnerabilities.
- CI/CD Familiarity: Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI).
Benefits
- The opportunity to work on cutting-edge technology and make a real impact on our organization's security posture.
- A collaborative and supportive work environment with a strong focus on learning and development.
- Hybrid working environment.
- Competitive compensation and benefits package.
- The chance to be part of a team that is passionate about security and innovation.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Security Consultant providing IT - Security Consulting by leveraging knowledge and skills to assist clients. Involved in diverse projects from analysis to execution and results presentation.
Lead functional safety for product development in PEM electrolyzers at Quest One. Collaborate with teams and support certification processes in the field of green hydrogen technology.
Consultant specializing in Cyber & Product Security for clients in a hybrid role. Focused on implementing security strategies and conducting assessments with a collaborative approach.
(Senior) Consultant in Automotive - & Product Security at Wavestone, focusing on cyber security solutions for clients in innovative projects. Collaborative work in a vibrant team environment across multiple German cities.
Information Security Manager focusing on risk management for Xecuro GmbH. Implementing and optimizing risk management processes within a technological environment in Bonn.
Teamlead position for Security Governance & Assurance at Xecuro GmbH in Bonn. Leading team and implementing information security management systems (ISMS).
Information Security Expert working on safe digital solutions, ensuring compliance and conducting risk assessments. Join Xecuro GmbH in shaping Germany's digital future with innovative security measures.
Lead ISSO ensuring security compliance for multi - tenant cloud and hybrid environments at Agile Defense. Responsible for vulnerability analyses and risk management decision - making expertise.
Network Security Engineer focusing on Fortigate Firewalls for Vodafone's global network operations. Troubleshooting, incident management, and collaborative environments driving network security initiatives.