Pentester & Security Engineer
G+D Netcetera operates in a fast-paced B2B environment and is specialized in secure financial sector applications. The company is growing and active in the Research & Development of new Products and Services for customers.
G+D Netcetera is an early adopter and a specialist in digital payment systems and the corresponding security and compliance needs.
We’re looking for a versatile Pentester & Security Engineer who can shift seamlessly between deep technical testing and hands-on enablement of engineering teams. You’ll perform penetration tests, drive threat modeling and security requirements engineering, and take ownership of developing, maintaining, and operating cloud‑security tools, guardrails, and configurations. You will help teams remediate vulnerabilities at speed. This role is perfect for a pragmatic engineer who can read and write code, understands how products are built and shipped, and loves to partner with developers to make secure delivery the default.
The job ad is valid until 31.03.2026
Your Tasks
- Perform targeted penetration tests and security assessments across:
- K8s and containerized workloads
- Web applications and APIs
- AWS and Cloud Infrastructure
- Support development teams in Secure software engineering
- Security Architecture support
- Security Requirements support
- Threat modelling
- Secure code reviews
- Security Tooling usage (CI/CD, SAST, DAST etc)
- Vulnerability Management
- Support teams in their vulnerability management lifecycle ( discovery → triage → remediation → validation)
- Champion secure coding practices and provide targeted remediation guidance with code snippets.
- Security Operations
- Build or enhance security telemetry using AWS-native tooling (CloudTrail, GuardDuty, WAF, Security Hub, CloudWatch)
- Implement and maintain policy-as-code tools & solutions (Kyverno, OPA)
- Implement and maintain a variety of security tools such as (Neuvector, Trivy, Dependencytrack, Defectdojo)
Requirements
Your profile
- Bachelor’s degree in computer science, information security, engineering, or a related field.
- A minimum of 3+ years of solid, hands‑on experience in Software engineering, IT security engineering, systems engineering, or cloud security within a corporate or high‑tech environment.
- 2+ years penetration testing or application security experience.
- Proven ability to read, write, and understand production code.
- Container & Kubernetes security experience (RBAC, admission controls etc).
- Understanding of cloud-native attack vectors (privilege escalation, SSRF, misconfigured IAM policies).
- Familiarity with traditional, modern, and software‑defined networking concepts and technologies.
- Fluent English speaker and writer.
Nice to haves:
- Experience in fintech, payments, banking, or regulated industries.
- Knowledge of relevant standards (PCI DSS, SOC 2, ISO 27001, EBA/FINMA guidelines).
- Familiarity with compliance expectations in regulated environments.
- Strong knowledge of AWS security fundamentals, including IAM, KMS, network segmentation, workload identity, and monitoring.
- Professional experience with Terraform.
- Certifications such as OSCP, OSWE, AWS Security Specialty
Benefits
- Flexibility: Adjust your time to work efficiently, be it working hours, part-time options, home office, or unpaid leave
- Extra vacation days: Need to take some extra time off? With us, you have the possibility to activate 5 additional paid days per year on top of your vacation plan
- Private health & Family Insurance: The company policy covers a private health insurance plan for you and your family
- Yearly Education Fund: We strongly believe in continuous development and would love to see you enrich your knowledge. Ever Netceterian has a dedicated yearly fund to invest in their professional and personal development through conferences, courses, lectures or long-term education
- Meals & Snacks: Enjoy a lunch allowance each working day, free fruit and drinks in the office