Offensive Security Engineer

Milan, Italy

Satispay

Satispay: the app for everyday payments. Discover the services for paying and saving, the tools for Business, and the Welfare products for companies.


About Satispay

At Satispay, we're not just reimagining payments; we're pioneering a movement toward simplicity and accessibility. Picture yourself at the forefront of innovation, leading the way in revolutionizing payments - and beyond! - across Europe, alongside a vibrant community of like-minded individuals driven by a shared vision: simplifying payments to improve everyone’s life.

Are you ready to be part of something bigger? Satispay is the place for you! Come be part of our dynamic team and help us shape the future of payments in Europe.

🚀 Join us as an Offensive Security Engineer and let's make magic happen together.

Role Overview

As an Offensive Security Engineer, you will play a key role in securing our cloud infrastructure, mobile and web applications through internal penetration testing and adversary simulations. You will focus on identifying security weaknesses in our Android and iOS apps, backend services, and cloud infrastructure, working closely with the Blue Team, Cloud, Development, and Product teams to enhance security.

This role requires expertise in mobile security testing, including the ability to use dynamic instrumentation tools to analyze and manipulate app behavior at runtime.

Your mission:

  • Penetration testing. Perform penetration testing on mobile (iOS & Android) and web applications to identify vulnerabilities across platforms.

  • Dynamic instrumentation. Use tools like Frida to bypass security controls and analyze mobile app behavior at runtime to uncover hard-to-detect security flaws.

  • Adversary simulations. Simulate real-world attack scenarios to identify weaknesses and improve detection and mitigation capabilities.

  • Red Team methodology. Develop and maintain red team testing methodologies, ensuring effective reporting and vulnerability remediation tracking.

  • Collaboration with Blue Team. Partner with the Blue Team to enhance detection in tools like Splunk and improve overall security posture.

  • Code review and remediation. Review source code (Java, Kotlin, Swift, Python, JavaScript) for security flaws and work with developers to fix vulnerabilities using secure coding practices.

  • Reporting and stakeholder collaboration. Provide detailed reports of findings and collaborate with internal stakeholders to ensure timely remediation.

  • Technical guidance and training: Train developers and security engineers on security best practices to strengthen overall security practices.

  • Knowledge integration. Stay current with mobile security threats and offensive techniques, integrating them into testing strategies to stay ahead of risks.

Your ideal profile:

  • Penetration testing and Red Team experience: 3+ years in penetration testing, red teaming, or offensive security.

  • Mobile app security expertise. You have knowledge of mobile application security for Android and iOS, including reverse engineering, hooking, and runtime manipulation techniques.

  • Source code security. You’re skilled in analyzing source code for security flaws (Java, Kotlin, Swift, Python, JavaScript), and work closely with developers to address vulnerabilities.

  • Cloud security knowledge. You have an understanding of cloud security (AWS) and common misconfigurations or attack vectors.

  • Dynamic instrumentation proficiency. Experience with dynamic instrumentation tools like Frida for testing and manipulating mobile apps at runtime.

  • Web application security. You are familiar with OWASP Top 10, API security, authentication & authorization flaws.

  • Threat intelligence. You are familiar with threat modeling, adversary tactics (MITRE ATT&CK framework), and red team operations.

  • Communication skills. Excellent written and verbal communication skills for technical reporting and stakeholder collaboration.

  • Static and dynamic application security testing. Experience with SAST and DAST methodologies to identify and mitigate security vulnerabilities in applications.

  • CI/CD Security and DevSecOps. Familiarity with CI/CD security and DevSecOps practices to integrate security into development pipelines.

  • Automating security assessments. Experience automating security assessments using scripting/tooling.

Don't let a checklist hold you back - at Satispay, we thrive on diverse perspectives and unique strengths. Your individuality could be the missing piece to our puzzle! Even if you don't meet every skill listed above, we encourage you to apply if you're passionate about the role and believe you can contribute to our team's success.

Your perks as a Satisperson

🙆🏻 Join an international team to grow with

🏡 Hybrid working policy

🍽️ Fuel your day with our meal vouchers 

🌐 Preply language platform access to expand your language skills

⭐ Benefit from our 1.2k company welfare budget

🚀 Own part of Satispay’s success with our Stock Option Plan 

👩🏻‍💻 Gear up with our tech equipment 

🥳 Join us in the fun with team-building events, parties, trips, and more!

Our selection process is tailored to each role and includes at least a call with our Talent Acquisition Team, a technical evaluation, and a final in-person meeting. Your recruiter will share more insights during your first meeting with us!

Equal Opportunity Employer

At Satispay, we're proud to be an equal-opportunity employer. We celebrate diversity and inclusion, welcoming individuals of all backgrounds. This opportunity is open to everyone, regardless, for instance, of race, color, religion, sex, gender identity, sexual orientation, and national origin. Join us in a workplace where everyone belongs!

Learn More About Us

Curious about our core values? Explore them here.



Tags: Android APIs Application security AWS Blue team CI/CD Cloud DAST DevSecOps iOS Java JavaScript Kotlin MITRE ATT&CK Mobile security Offensive security OWASP Pentesting Python Red team Reverse engineering SAST Scripting Security assessment Splunk Threat intelligence Vulnerabilities

Perks/benefits: Career development Equity / stock options Team events

Regions: Remote/Anywhere Europe
Country: Italy
