(Senior) Penetration Tester & Security Consultant

What you will do with us

• In this role, you will perform internal penetration tests independently and take over the technical coordination as well as the scoping of external security assessments.
• You will validate and verify discovered vulnerabilities within the Vulnerability Management framework to determine their actual exploitability and prioritize them based on real business risk.
• Following successful remediation by the responsible teams, you will independently conduct structured retests to ensure that the security findings are sustainably resolved.
• As part of Purple Teaming activities, you will purposefully simulate modern attacker techniques and work closely with the Detection & Response team to verify and continuously improve the effectiveness of existing SIEM, EDR, and monitoring controls.
• You will support new systems, critical architectures, and major infrastructure changes before they go live by conducting thorough security reviews and threat modeling.
• Your goal will be to identify potential attack paths and structural security weaknesses early on, effectively preventing them from becoming operational risks.
• Acting as a key sparring partner, you will collaborate cross-functionally with teams across Detection & Response, Vulnerability Management, Incident Management, IT, and Engineering to turn findings into real security improvements.
• You will actively drive the sustainable establishment and strategic development of our internal offensive security capability, directly shaping the overall security maturity of the company.

What you will bring with you

• You bring a deep understanding of infrastructure, cloud, and identity security, along with solid hands-on experience in web and API penetration testing according to established frameworks like OWASP.
• In your daily work, you are proficient with standard security tools such as Burp Suite, Nmap, BloodHound, PingCastle, and Git, and you possess strong scripting skills.
• Ideally, you hold recognized offensive security certifications such as OSCP, PNPT, CRTO, GWAPT, or possess a comparable practical qualification such as a BSI IT-Grundschutz Practitioner or Consultant.
• You have proven technical experience reviewing and testing complex environments, including Linux, Windows, Powershell, and Active Directory architectures.
• Experience working within German or European regulatory environments, such as ISO 27001, BSI IT-Grundschutz, TISAX, KRITIS, or NIS2, is considered a strong plus.
• You are characterized by strong documentation and reporting skills, enabling you to structure complex technical findings clearly and track them effectively for all stakeholders.
• Fluent German language skills as well as excellent English skills are required to ensure seamless and precise communication across all internal and external interfaces.

Why join us?

• Your freedom: pro rata mobile working and flexible working hours
• Your team: open, familiar, appreciative culture including team events
• Your environment: dynamic, innovative and agile working environment
• Your role: high level of personal responsibility and freedom to implement your ideas
• Your development: regular trainings and seminars in our academy
• Your four-legged friend: dogs are welcome in our offices (campus)
• Your health: numerous offers for preventive care, fitness, Yoga@work, etc.
• Your benefits: employee discounts, company leasing bikes, company pension plan and much more