Job VC
Security Engineer
Technologies
Description
Summary
Senior Security Engineer - penetration testing, threat modelling, 7+ years commercial experience.
Python. Hands-on offensive and defensive security for web applications.
Remote/Hybrid, UK, Chechia, Spain - employment contract, Poland, Romania, Slovakia, Bulgaria, Ukraine - B2B contract.
The role
This is a senior security engineering position with a strong emphasis on penetration testing and threat modeling. You'll work across the full security lifecycle: designing secure architectures, modeling threats, researching emerging attack vectors, and validating defenses through hands-on testing.
The focus is on long-term security improvements — identifying and addressing risks before they become incidents. You'll need both the attacker's mindset to find vulnerabilities and the engineering skills to help fix them properly.
What you'll work on
Penetration testing and security assessments against web applications and internal systems
Leading security design reviews and threat modeling for new products and infrastructure changes
Researching emerging threats and attack techniques, then translating findings into practical defense strategies
Building security automations and tools, and prototypes to support testing and detection
Collaborating with engineering teams to remediate vulnerabilities and improve secure development practices
Contributing to security architecture decisions and standards
What we're looking for
7+ years in security engineering with substantial experience in both offensive and defensive work
Proven, hands-on web applications penetration testing experience
Strong programming skills, preferably Python, with experience building security tools or automation
Deep expertise in at least one core security domain: cryptography, authentication/authorisation, secure architecture, or network security
Clear understanding of attack vectors and methods, and how to anticipate them
Good communication skills in English
Useful additions
Experience securing serverless architectures or AI/ML platforms
Background in cloud-native security (AWS, GCP, Kubernetes)
DevSecOps experience- integrating security into CI/CD pipelines
Relevant certifications (OSCP, OSCE, CISSP, or similar)
Senior Security Engineer - penetration testing, threat modelling, 7+ years commercial experience.
Python. Hands-on offensive and defensive security for web applications.
Remote/Hybrid, UK, Chechia, Spain - employment contract, Poland, Romania, Slovakia, Bulgaria, Ukraine - B2B contract.
The role
This is a senior security engineering position with a strong emphasis on penetration testing and threat modeling. You'll work across the full security lifecycle: designing secure architectures, modeling threats, researching emerging attack vectors, and validating defenses through hands-on testing.
The focus is on long-term security improvements — identifying and addressing risks before they become incidents. You'll need both the attacker's mindset to find vulnerabilities and the engineering skills to help fix them properly.
What you'll work on
Penetration testing and security assessments against web applications and internal systems
Leading security design reviews and threat modeling for new products and infrastructure changes
Researching emerging threats and attack techniques, then translating findings into practical defense strategies
Building security automations and tools, and prototypes to support testing and detection
Collaborating with engineering teams to remediate vulnerabilities and improve secure development practices
Contributing to security architecture decisions and standards
What we're looking for
7+ years in security engineering with substantial experience in both offensive and defensive work
Proven, hands-on web applications penetration testing experience
Strong programming skills, preferably Python, with experience building security tools or automation
Deep expertise in at least one core security domain: cryptography, authentication/authorisation, secure architecture, or network security
Clear understanding of attack vectors and methods, and how to anticipate them
Good communication skills in English
Useful additions
Experience securing serverless architectures or AI/ML platforms
Background in cloud-native security (AWS, GCP, Kubernetes)
DevSecOps experience- integrating security into CI/CD pipelines
Relevant certifications (OSCP, OSCE, CISSP, or similar)