Offensive Security Engineer (Cybersecurity)

TL;DR

Offensive Security Engineer (Cybersecurity): Perform deep-dive penetration tests across web apps, APIs, and infrastructure with an accent on uncovering high-impact flaws and developing proof-of-concept exploits. Focus on leading architectural reviews, threat modeling, building custom offensive tools, and researching emerging attack vectors.

Location: Hybrid model with onsite collaboration in Vienna (Austria), Bucharest (Romania), Barcelona (Spain), or Berlin (Germany); 25 days per year to work from any city/country of choice.

Company

Europe's leading user-friendly platform for investing in cryptocurrencies, stocks, precious metals, and commodities, serving over 6 million customers.

What you will do

• Perform penetration tests on web apps, APIs, and infrastructure to uncover high-impact vulnerabilities.
• Develop proof-of-concept exploits and provide remediation strategies to engineering teams.
• Lead architectural reviews and threat modeling in the SDLC.
• Build and integrate custom offensive tools into the development pipeline.
• Research emerging threats, zero-days, and adversary techniques.

Requirements

• 4+ years in application/product security testing
• Deep knowledge of OWASP Top 10, SANS Top 25, and vulnerability prevention.
• Experience translating technical risks into business insights.
• Beneficial: OSCP, BSCP, OSCE, GPEN, or OSWE certifications.
• Curiosity-driven mindset for building, breaking, and securing large-scale systems.

Culture & Benefits

• Hybrid flexibility with 25 extra days to work from anywhere annually.
• Competitive compensation with stock options via pay-for-impact policy.
• Mental health support via OpenUP coaching and counseling.
• Extra time off including 3 wellbeing days in 2026 and 8 weeks gender-neutral parental leave.
• Unlimited Udemy access, partner perks, free onsite meals in Vienna/Bucharest/Barcelona/Berlin, company events, and merchandise.