-
-
employment
Permanent position
-
You don't believe in siloed thinking in security? You understand the perspectives of both attackers and defenders and know that true security arises from cooperation? You combine proactive thinking with practical empathy and have the knack not only for identifying complex security problems but also for quickly resolving them? Then we're looking for you!
As a "Purple Hat," you are the interface between attack research and defense strategy. You validate findings, accelerate the remediation of vulnerabilities, and ensure that your knowledge reaches the teams. You work directly within the context of our in-house developments – from internal platforms to our customers' production solutions.
Your role
- You conduct continuous internal security tests and hunt for vulnerabilities in systems, code, and configurations.
- You validate external inputs from vulnerability disclosure programs, bug bounties, and security advisoryies for exploitability.
- You work closely with development and operations teams and translate technical findings into concrete, actionable measures.
- You create hardening checklists, detection rules, and step-by-step reproductions instead of just showing the problems.
- You propose patch strategies, review fixes, and orchestrate the validation of fixes.
- You prioritize in the jungle of AI-generated vulnerability reports and help your team focus on the critical risks.
- You communicate on an equal footing, manage to inspire and bring different teams on board.
Your profile
- Experience in offensive security and code analysis
- Solid programming and debugging skills – you understand code, not just the concepts.
- Understanding and experience in one or more programming languages.
- We develop in .NET and Java, and primarily create Angular web frontends.
- Cloud and platform knowledge (Kubernetes, modern infrastructures)
- Practical experience with defensive security measures and detection methods
- High affinity for automation and analysis tools, including new AI-based security methods.
- Good technical writing skills and the ability to make complex content understandable to different target groups.
- Independence, a structured way of working, and above all: understanding for the teams that have to implement the findings.
Your benefits
- Up to 60% home office possible with a 100% workload.
- Holiday purchase (2 weeks per year)
- 41-hour week with flexible working hours for a full-time position
- At least 25 days of vacation per year
- Funding for further training courses, either financially or in terms of time commitment
- Free SBB half-fare travelcard for all employees
We have an open, informal culture – so feel free to send us your application directly in the informal "Du" form.
We do not accept applications from recruitment agencies for this position. Thank you for your understanding and consideration.
We look forward to seeing you.
Contact
Peter Hopli
Recruiter Human Resources