Security Engineer - Pentest (m,f,x)
Berlin
Applications have closed
HelloFresh
The role
We’re looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name - someone with a passion for security and an appetite for new challenges. Security Engineers work in a variety of ways to constantly iterate on and improve HelloFresh’s security posture.
You will be part of the squad responsible for maintaining and improving HelloFresh’s Vulnerability Management Program, which provides umbrella coverage for Pentest, Red Teaming, Cloud Assessment, Source Code Review, use of vulnerable dependencies, Supply Chain Audits and the Bug Bounty program.
What you’ll do
- Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Use formal project management skills in planning, tracking, and reporting to close the remediation loop
- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities
- Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program
What you’ll bring
- 1-3 years' experience demonstrating above average ability in any 3 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering
- Proficiency in identifying vulnerabilities by analyzing web & network based artefacts, leveraging the ATT&CK matrix, the OWASP security testing guide and other penetration testing methodologies
- Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws
- Proven proficiency in one modern scripting language like Python or Go
- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification
- Participation in web hacking challenges, competitions or bug bounties
- Strong knowledge of tools used for cloud, wireless, web application, and network security testing
What we offer
- Comprehensive relocation assistance to move to Berlin plus visa application support
- Healthy discount on weekly HelloFresh boxes
- Subsidised childcare with a professional nannying agency
- Free access to Headspace, biweekly in-house yoga classes (remote since March 2020)
- A diverse and vibrant international environment of 70+ different nationalities
- Additional perks include: Free crash course in German, compensation for advanced external German classes, discounts for our neighboring gym & Urban Sports Club, summer & winter parties, discount on our HelloFresh GO vending machines
- The chance to have a significant impact on one of the fastest-growing technology companies in Europe in an exciting growth phase
About HelloFresh
HelloFresh is on a mission to change the way people eat, forever!
Since our 2011 founding in Europe’s vibrant tech hub, Berlin, we’ve become the world's leading meal kit provider, delivering to over 4.2 million households worldwide in 14 countries across 3 continents.
Our Engineering, Data, Product and Security teams are located in Berlin and New York and are critical to what we do. From procurement tools to conversion rate optimization, live pricing tools, payment services and add-on upselling features, we work on a wide variety of challenging problems. The result is a high output where we constantly build and release features and engines that make our business thrive, allowing us to deliver real financial impact.
Our more than 7,000 employees from 70+ nationalities are the heart and soul of our diverse, fast-paced and dynamic environment where innovation and smart, fast action are encouraged.
We will encourage you to make an immediate impact in your area of work as well as empower you to grow your career with us.
You can get a taste of what we've been working on by checking out our tech blog.
Are you up for the challenge?
Please submit your complete application below including your salary expectations and earliest starting date.
After you submit an application, our team will review it and get back to you within 5 business days.
For insight into our interview process take a look at our recent post here.
We are HelloFresh
At HelloFresh we embrace and welcome diversity and we currently employ over 7,000 individuals globally who contribute to this. We employ individuals based on their ability to perform a job rather than on the basis of their: race, national origin, color, caste, social origin or position, gender, gender expression, sexual orientation, religion, age, disability, political opinion, marital status or any other characteristic. We encourage everyone to apply and will give everyone equal consideration. We are an equal opportunity employer – everyone is welcome at our table.