Ethical Hacker / Offensive Security Engineer

StrangeBee

Paris · On-site · Full-time · Senior · 1w ago

About the role

We are looking for an Ethical Hacker / Offensive Security Engineer to strengthen our offensive security at StrangeBee.

In this role, you will identify, exploit, analyze, and help remediate vulnerabilities across our products, infrastructure, internal systems, and security processes. You will work closely with Engineering, Product, SOC, Compliance & Risk, and Infrastructure teams to embed security into our software development lifecycle and day-to-day operations.

You will also contribute to security culture, support incident investigations, train developers, conduct research, and help shape the offensive security roadmap. Your work will directly improve the security, resilience, and trustworthiness of our incident response platform used by security teams around the world.

Responsibilities

  • Lead and perform offensive security assessments, including web application, API, infrastructure, cloud, and internal system penetration tests.
  • Identify, exploit, document, and prioritize vulnerabilities with clear technical and business impact.
  • Work closely with Engineering teams to help remediate vulnerabilities and improve secure development practices.
  • Contribute to the Secure Development Lifecycle by integrating security reviews, threat modeling, secure coding guidance, and vulnerability management into engineering workflows.
  • Support security incident investigations by providing offensive security expertise, attack path analysis, forensic reasoning, and adversarial thinking.
  • Conduct vulnerability research on our products, dependencies, environments, and emerging attack techniques.
  • Participate in CTFs, bug bounty-style research, labs, and internal security challenges to continuously sharpen offensive capabilities.
  • Build internal tools, scripts, PoCs, and automation to improve security testing, vulnerability analysis, and detection capabilities.
  • Contribute to the security roadmap, both in run activities and build initiatives.
  • Help improve vulnerability management processes: qualification, severity assessment, remediation tracking, validation, and reporting.
  • Deliver security awareness sessions and hands-on training for developers and technical teams.
  • Promote a strong security culture based on collaboration, curiosity, pragmatism, and continuous improvement.
  • Collaborate with SOC, Compliance & Risk, Infrastructure, Product, and Engineering teams to align offensive security work with business priorities and customer trust.

Requirements

Technical Skills

  • Strong hands-on experience in offensive security, penetration testing (incl. white box), vulnerability research, or bug bounty.
  • Solid understanding of web application security, API security, authentication, authorization, session management, and common vulnerability classes.
  • Good knowledge of OWASP Top 10, secure coding principles, threat modeling, and vulnerability management.
  • Experience with offensive security tools and methodologies: Burp Suite, Nmap, Metasploit, custom scripts, fuzzing, exploitation frameworks, or equivalent tooling.
  • Ability to write clear proof-of-concepts and technical reports.
  • Good understanding of modern software architectures, CI/CD pipelines, cloud environments, containers, and infrastructure security.
  • Ability to analyze vulnerabilities from both technical and business impact perspectives.
  • Comfortable reading code and collaborating with developers on remediation.
  • Experience with incident investigation, attack path analysis, or adversary simulation is a strong plus.
  • Experience with CTFs, bug bounty programs, CVE research, exploit development, or security labs is a strong plus.
  • Knowledge of SOC operations, detection engineering, compliance expectations, or security frameworks is appreciated.

Soft skills

  • Excellent communication skills, with the ability to explain complex vulnerabilities clearly to technical and non-technical audiences.
  • Strong autonomy and ownership.
  • High level of curiosity and continuous learning mindset.
  • Pragmatic approach to security: able to balance risk, business impact, and engineering constraints.
  • Collaborative mindset and ability to build trust with Engineering, Product, SOC, Compliance, Risk, and Infrastructure teams.
  • Open-minded, humble, and comfortable giving and receiving feedback.
  • Strong analytical thinking and problem-solving skills.
  • Ability to challenge constructively and drive security improvements without creating friction.

You might feel hesitant to apply if you don’t match 100% of the requirements. This list is a guide; we encourage you to apply even if you are a partial match. We are building teams that innovate, not teams that simply tick every box.

Hiring process

We aim to keep our process transparent, structured, and respectful of your time.

  • Discovery call with the hiring team (30 minutes): A first conversation to understand your background, motivations, and answer your initial questions.
  • Interview with the VP of Infrastructure & Security and the COO & co-founder (1 hour): Deep dive into your experience, skills, and the role expectations.
  • AssessFirst personality assessment: A short online assessment to help us understand how you work and how you might thrive within the team.
  • Interview with the Security team (1 hour): An opportunity to meet team members, discuss day-to-day collaboration, and get a practical perspective.
  • Interview with the Head of Product and an Engineering Manager (1 hour): An opportunity to get to know the team, discuss day-to-day collaboration, and get a practical perspective.
  • Interview with the Head of HR (30 minutes): Discussion around vision, culture fit, and long-term alignment.

Please note we may conduct a reference check before finalizing the offer.

About Us

StrangeBee is a European cybersecurity software company specializing in Incident Response.

Founded in 2018 by the creators of TheHive and Cortex, StrangeBee was built on the success of these tools that quickly became widely adopted within the cybersecurity community. What started as open-source initiatives evolved into enterprise-grade solutions trusted by organizations worldwide.

Today, TheHive is recognized as a leading incident response platform, empowering thousands of security analysts to detect, investigate, and respond to cyber threats efficiently.

StrangeBee now operates as a fully commercial software vendor, focused on delivering robust, scalable, and continuously evolving solutions tailored to the needs of modern security teams.

Our ambition is clear: strengthen our product ecosystem, meet the fast-growing demands of the cybersecurity market, and establish StrangeBee as a global leader in incident response platforms.

We are growing fast and we’re looking for people who want to grow with us.

Why join us

At StrangeBee, you won’t just join a company; you’ll help shape a growing European cybersecurity leader.

What makes us different is not only what we build, but how we build it.

Customer Centric

Everything we do starts with impact. We build for real security teams facing real threats. We listen carefully, challenge assumptions, and aim to deeply understand the “why” behind every need. If you care about delivering meaningful value, not just shipping features, you’ll feel at home here.

Quest for Excellence

“Good enough” is not our standard. We continuously question how we work, how we collaborate, and how we improve our product. Excellence for us means rigor, accountability, and pride in craftsmanship, whether in code, sales conversations, customer support, or internal processes.

Embrace Change

Cybersecurity evolves constantly, and so do we. We encourage initiative, ideas, and constructive challenge. If you see something that could be better, you’re expected to speak up and help drive improvement. Change is not something we endure; it’s something we actively shape.

One Team

We believe performance comes from trust. We foster open communication, mutual respect, and psychological safety. Everyone’s voice matters, and collaboration goes beyond titles or departments. We succeed together.

Joining StrangeBee means working in an environment where ownership is real, standards are high, and impact is visible, while being part of a team that genuinely supports each other.

Skills

API security, Burp Suite, CI/CD, Cloud environments, Containers, Exploitation frameworks, Fuzzing, Infrastructure security, Metasploit, Nmap, OWASP Top 10, Penetration testing, Threat modeling, Vulnerability research, Web application security
