
Security Researcher / Ethical Hacker
- Hybrid
- Enschede, Overijssel, Netherlands
- Product Development
Job description
Hack the system!
Full-time · Enschede
S3 Passenger powers ticketing for some of the largest rail and bus operators in the world (SNCF, VIA Rail, PT Kai, Eurostar and more). That comes with a serious attack surface, real payment flows, PCI DSS scope, and a fully cloud-native AWS/Kubernetes stack that is in production 24/7.
We are looking for an ethical hacker to join our internal Red Team. You will be one of a small group of dedicated security engineers, part offensive specialist, part trusted advisor to our DevOps teams, part technical counterpart to our external auditors. You enjoy breaking things, but you equally enjoy the long game of making sure they cannot be broken again.
What will you do?
Your role involves performing internal penetration tests and supporting external security audits (PCI DSS, ASV scans).
You will secure our cloud and infrastructure (AWS/Kubernetes), review source code, and tune our SAST/DAST security pipelines.
Key responsibilities also include security incident response, threat modeling, challenging the security awareness program, implementing security automation, and researching new vulnerabilities.
About you
Bachelor's and/or master's degree in IT, preferably in cyber security, security management or a related field (minors in this field are also an option).
Enjoys participating in CTFs or likes to "pwn" a box at HackTheBox.
3+ years of end-to-end offensive security experience (penetration tester, bug bounty hunter, security researcher) and a hacker's mindset, comfortable with the OWASP Top 10 and exploit development.
Solid grasp of cloud security, specifically AWS and Kubernetes, and the ability to read and review code (Java, Kotlin, Golang).
Working knowledge of compliance frameworks, including PCI DSS, and familiarity with modern offensive tools like Burp Suite, Caido, OWASP ZAP, Nuclei, etc.
Must be able to work independently, and communicate clearly with both technical and non-technical stakeholders in English.
Nice to have:
Relevant certifications such as OSCP, OSCE, OSWE, CRTO, AWS Security Specialty.
Experience contributing to open-source security tooling, CVE disclosures or public research.
Background in the public-transport, fintech or other regulated SaaS space.
This is a challenging opportunity to work on a product with a significant impact and to make a significant contribution to the rail and bus transport industry. If you are a talented and driven ethical hacker or security researcher, we would love to hear from you.
What can you expect from Sqills:
An enthusiastic, young, and diverse group of ~250 colleagues worldwide.
A flat hierarchy with a lot of individual responsibility and room for your ideas.
An open and challenging environment for ambitious professionals.
Great benefits including a FlexBudget, supplementary pension, and lunch in our Grand Café.
Inspiring company outings and Friday drinks on our roof terrace.
Curious?
We can only consider applications from Dutch, EU/EEA or Swiss citizens, or from individuals who already hold a valid residence and work permit for the Netherlands.
