Security Engineer / Penetration Tester (80-100%)

About Us:

cyllective AG is an independent consulting and engineering firm in the IT security sector. With a strong background in offensive security, we consider technical security audits a cornerstone of our services. While our leading practices lie in offensive security testing, we are a holistic security company offering customers a wide range of high-quality security services worldwide. cyllective is a privately held 'security boutique' committed to exquisite quality and supreme customer satisfaction.

About the Role:

In light of our recent success, we are looking to expand our team. We are seeking a highly motivated and skilled Security Engineer / Penetration Tester. You will be responsible for conducting penetration tests and secure code reviews to identify vulnerabilities and enhance the security posture of our customers. While the primary focus will be on white box penetration testing of web applications, the role may also encompass other assignments such as technical reviews, assessments, and even security engineering tasks. The ideal candidate will bring software development experience, deep cybersecurity expertise, and familiarity with mobile application (Android, iOS) testing or Cloud Security (AWS, Azure, GCP).

Why You'll Love Working Here:

At cyllective, you will join a team of like-minded individuals. We love to tinker, explore how things work, and find ways to break them. If you share this hacker spirit, you'll feel right at home with us. You will have the opportunity to conduct your own security research, further your education, and stay up-to-date with cutting-edge technologies. We offer a fantastic work atmosphere, with up to 60% work-from-home opportunities, free snacks and coffee in the office, competitive salaries, and additional benefits such as paid mobile subscriptions. If you are driven, responsible, and eager to grow with the company, doors will open for you as we anticipate even more growth in the near future.

Responsibilities:

  • Conduct penetration tests, security assessments, and secure code reviews for our clients.
  • Apply your software development experience to understand and test complex application logic.
  • Analyze test results, identify security risks, and create comprehensive reports for clients.
  • Collaborate with clients to mitigate identified vulnerabilities.
  • Stay updated on the latest trends and advancements in cybersecurity, web, mobile, and cloud security.

Qualifications:

  • Minimum of 3 years of professional experience in penetration testing, security engineering, or a similar role.
  • Relevant experience in Software Development.
  • Certifications such as Offensive Security Certified Professional (OSCP) are desirable.
  • Experience in mobile application testing or Cloud Security is beneficial.
  • Proficiency in English and German - reading and writing.

Skills:

  • A hacker mindset, preferably with CTF experience.
  • Excellent understanding of application security best practices.
  • Proficiency in techniques and tools used in (white box) penetration testing, like Burp Suite.
  • Skills to analyze and understand source code in modern web apps (backend and frontend). Knowledge of commonly used frameworks such as Express (Node.js), Spring (Java), Django (Python), or Symfony (PHP) is essential.
  • In-depth technical knowledge about common web vulnerabilities, like the ones listed in OWASP Top 10.
  • Excellent analytical and problem-solving skills.
  • Strong written and verbal communication skills, with the ability to effectively communicate findings and recommendations to client stakeholders.

How to Apply:

Got skills and the right mindset but unsure about all the qualifications? No worries, we value mindset over certs. Using this link, you will find CTF challenges where you can demonstrate your talents. The challenges are not mandatory, but if you uncover any flags, please send them along with your application documents to jobs@cyllective.com.

Currently, we can only accept applicants who are eligible to work in Switzerland.