About the role

Pentester & Security Engineer at G+D Netcetera focusing on secure financial sector applications and cloud-security tools. Involves penetration testing, security assessments, and supporting development teams in secure software engineering.

Responsibilities

Perform targeted penetration tests and security assessments across:
K8s and containerized workloads
Web applications and APIs
AWS and Cloud Infrastructure
Support development teams in Secure software engineering
Security Architecture support
Security Requirements support
Threat modelling
Secure code reviews
Security Tooling usage (CI/CD, SAST, DAST etc)
Vulnerability Management
Support teams in their vulnerability management lifecycle ( discovery → triage → remediation → validation)
Champion secure coding practices and provide targeted remediation guidance with code snippets.
Security Operations
Build or enhance security telemetry using AWS-native tooling (CloudTrail, GuardDuty, WAF, Security Hub, CloudWatch)
Implement and maintain policy-as-code tools & solutions (Kyverno, OPA)
Implement and maintain a variety of security tools such as (Neuvector, Trivy, Dependencytrack, Defectdojo)

Bachelor’s degree in computer science, information security, engineering, or a related field.
A minimum of 3+ years of solid, hands‑on experience in Software engineering, IT security engineering, systems engineering, or cloud security within a corporate or high‑tech environment.
2+ years penetration testing or application security experience.
Proven ability to read, write, and understand production code.
Container & Kubernetes security experience (RBAC, admission controls etc).
Understanding of cloud-native attack vectors (privilege escalation, SSRF, misconfigured IAM policies).
Familiarity with traditional, modern, and software‑defined networking concepts and technologies.
Fluent English speaker and writer.
Nice to haves:
Experience in fintech, payments, banking, or regulated industries.
Knowledge of relevant standards (PCI DSS, SOC 2, ISO 27001, EBA/FINMA guidelines).
Familiarity with compliance expectations in regulated environments.
Strong knowledge of AWS security fundamentals, including IAM, KMS, network segmentation, workload identity, and monitoring.
Professional experience with Terraform.
Certifications such as OSCP, OSWE, AWS Security Specialty

Flexibility: Adjust your time to work efficiently, be it working hours, part-time options, home office, or unpaid leave
Extra vacation days: Need to take some extra time off? With us, you have the possibility to activate 5 additional paid days per year on top of your vacation plan
Private health & Family Insurance: The company policy covers a private health insurance plan for you and your family
Yearly Education Fund: We strongly believe in continuous development and would love to see you enrich your knowledge. Ever Netceterian has a dedicated yearly fund to invest in their professional and personal development through conferences, courses, lectures or long-term education
Meals & Snacks: Enjoy a lunch allowance each working day, free fruit and drinks in the office