Pentester

Picnic
Amsterdam, Netherlands
2 days ago

Role details

Contract type
Internship / Graduate position
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Amsterdam, Netherlands

Tech stack

IEEE 802.1X
API
Amazon Web Services (AWS)
Software System Penetration Testing
Confluence
JIRA
Computer Security
Mobile Application Software
JSON
Python
OAuth
OpenID
JSON Web Token
Security Assertion Markup Language (SAML)
Secure Coding
Software Engineering
Cloud Platform System
Okta
Large Language Models
Software Security
Kubernetes
Information Technology
Atlassian Tools
G Suite
Terraform
Docker

Job description

At Picnic, we're building the most secure milkman on earth, and we need someone to help us verify that reality. As our Pentester in the SecOps team, you'll combine offensive and defensive security skills to identify vulnerabilities, strengthen defenses, and improve our security culture. You'll conduct pentests across web, mobile, network, and cloud systems, run red teaming exercises, and manage our vulnerability programs. You'll also empower development teams to adopt secure coding practices while enhancing our pentesting workflows with MCPs and LLMs.

Tricks of the trade

  • Ownership: Take charge of the pentesting process, from planning to execution and reporting, ensuring comprehensive coverage across all Picnic services while encouraging continuous improvement
  • Management: Own the Vulnerability Disclosure Program, manage remediation workflows, and define KPIs to track coverage and effectiveness
  • Collaboration: Work closely with development teams to integrate security best practices into the software development lifecycle
  • Innovation: Leverage MCPs and LLMs to enhance pentesting efficiency and automation, and build customized, scalable solutions for Picnic.
  • Training: Conduct application security workshops to raise awareness and promote secure coding practices among developers
  • Our tech: AWS, Google Workspace, Keycloak, Docker, Kubernetes (EKS), Helm, Terraform, Python, SAML, OAuth, OpenID, JWT (JSON Web Tokens), 802.1X, Atlassian (Jira, Confluence), IoT, Web & Mobile Apps, APIs.

Requirements

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, or a related field (or equivalent practical experience).
  • At least 4 years of relevant experience in pentesting web, mobile, network and cloud environments.
  • Strong communication skills to report findings clearly and train development teams
  • Curious and pragmatic: you keep things simple without losing quality, and bring structure and organisation to the unknowns.
  • A certificate of conduct (Verklaring Omtrent het Gedrag, VOG) will be requested during the process.

About the company

Digital grocery shopping
