Senior Offensive Security Researcher (m/f/d)

Permanent employee, Full-time · Berlin

About Us
Welcome to Baobab Insurance – Your Partner for the Cyber Security of Tomorrow!
The digital world is growing – and with it, the threat of cyberattacks. Every successful attack not only jeopardizes businesses but also undermines trust in our connected society. At Baobab Insurance, we are committed to making the digital world safer – proactively, sustainably, and with cutting-edge technology. Our mission: to protect companies from cyber threats before they arise, contributing to a more secure digital future.
Shape the digital security of tomorrow with us. Join a team that doesn’t just watch but actively protects. Your ideas and commitment can make all the difference.
If that’s not enough, here’s what we offer:
  • Flexible Working: With your MacBook, you can work up to three days per week from home and also have the opportunity to work in our modern offices in Berlin or Cologne.
  • Attractive Compensation: Competitive salary and VSOP options.
  • Growth & Career: Grow with us – in a dynamic company with clear advancement opportunities.
  • And much more
Baobab Insurance – Growing together. Making the digital world safer, together.
Your Tasks
  • Triage, analyze, validate, and prioritize vulnerabilities identified through automated scanning tools, manual testing, and external reports.
  • Continuously improve and optimize our vulnerability scanning technologies and processes, including scanner configuration, custom script development, and integration with other security tools.
  • Proactively search for critical vulnerabilities on a daily basis across our infrastructure, applications, and services, staying informed about newly disclosed CVEs and emerging threats.
  • Stay at the forefront of offensive security techniques by actively following and researching methodologies, tools, and exploits shared within the bug bounty community and broader cybersecurity landscape.
  • Plan, scope, and execute comprehensive penetration tests (e.g., web application, network, API, cloud, mobile) to identify security weaknesses.
  • Develop and utilize custom scripts, tools, and methodologies to enhance penetration testing efforts and automate attack simulations.
  • Clearly document and communicate identified vulnerabilities, their potential impact, and actionable remediation recommendations to technical and non-technical stakeholders.
  • Collaborate with development, operations, and infrastructure teams to provide guidance on vulnerability remediation and secure coding/configuration practices.
  • Retest and validate the effectiveness of implemented security fixes.
  • Contribute to the development and refinement of internal security testing methodologies and knowledge base.
Your profile
  • Extensive experience as a Penetration Tester, Offensive Security Engineer, or similar role.
  • Experience participating in bug bounty programs or CTF competitions.
  • Strong experience in vulnerability assessment and management, including the triaging and prioritization of findings.
  • Demonstrable experience in managing, tuning, and improving vulnerability scanning technologies (e.g., Nessus, Qualys, Burp Suite Pro, Acunetix, OpenVAS).
  • A keen interest and active involvement in following the bug bounty community, with an understanding of common bug classes and innovative exploitation techniques.
  • Solid understanding of web application security (OWASP Top 10, etc.), network protocols, operating systems, and cloud security principles.
  • Experience with scripting languages (e.g., Python, Bash, PowerShell) for automation and tool development.
  • Strong analytical and problem-solving skills with meticulous attention to detail.
  • Excellent written and verbal communication skills in English, with the ability to articulate complex technical issues clearly.
  • (Desirable) Relevant certifications such as OSCP, OSCE, GPEN, GWAPT, eWPTX, or similar.
  • A proactive mindset and a passion for continuous learning in the field of offensive security.
Why us?
  • Flexible work options - work from home for up to three days a week and join us in the office for the remaining two days in Berlin
  • 28 Vacation Days - plus Christmas & New Year’s Eve (half day)
  • Competitive Compensation - Attractive salary & equity options
  • Continuous Learning - Support for your professional growth and development
  • Team & Social Events - Quarterly gatherings, regular socials, and Thursday drinks on the house
  • Challenging & Supportive Culture - Work with motivated colleagues in an environment where you can grow, achieve, and enjoy the journey
  • Long-Term Growth - A stable career path in a fast-growing company
  • Welcoming Team - A people-first culture where joy at work and future prospects come first
Our Values
Customer First: Our customers and partners always come first.
Embrace Speed: Fast decisions and pragmatic solutions.
Data Over Gut Feeling: We make data-driven decisions.
Take Ownership: You get involved, no matter your position.
Continuous Learning: We challenge ourselves and grow together.
Open Culture: We have no rigid hierarchies. We communicate openly, directly, and at eye level.
About us
Baobab's mission is to better protect companies from cyberattacks. We are rethinking cyber protection for German SMEs by combining cyber insurance with preventative cybersecurity services. Like the baobab tree, Baobab stands for security and support in every situation. We help our partners and customers better understand cyber risks. We focus not only on limiting damage after an incident but also on reducing the likelihood of such an event occurring.

We are supported by renowned investors such as Project A and La Famiglia. With Lloyd's of London and ERGO, we also have strong partners at our side.

We believe that diversity in our team strengthens the company. Therefore, we do not discriminate based on religion, skin color, nationality, gender, sexual orientation, or disability and welcome applications from all backgrounds. Apply now and become part of our team!
Your application!
We appreciate your interest in Baobab Insurance GmbH. Please fill in the following short form. Should you have any difficulties in uploading your files, please contact us by mail at hr@baobab.io.