Offensive Security Researcher (m/f/d)

Permanent employee, Full-time · Berlin

About Us
Welcome to Baobab Insurance – Your Partner for the Cyber Security of Tomorrow!
The digital world is growing – and with it, the threat of cyberattacks. Every successful attack not only jeopardizes businesses but also undermines trust in our connected society. At Baobab Insurance, we are committed to making the digital world safer – proactively, sustainably, and with cutting-edge technology. Our mission: to protect companies from cyber threats before they arise, contributing to a more secure digital future.
Shape the digital security of tomorrow with us. Join a team that doesn’t just watch but actively protects. Your ideas and commitment can make all the difference.
If that’s not enough, here’s what we offer:
  • Flexible Working: With your MacBook, you can work up to three days per week from home and also have the opportunity to work in our modern offices in Berlin or Cologne.
  • Attractive Compensation: Competitive salary and VSOP options.
  • Growth & Career: Grow with us – in a dynamic company with clear advancement opportunities.
  • And much more
Baobab Insurance – Growing together. Making the digital world safer, together.
Your Tasks
  • Triage, analyze, validate, and prioritize vulnerabilities identified through automated scanning tools, manual testing, and external reports.
  • Continuously improve and optimize our vulnerability scanning technologies and processes, including scanner configuration, custom script development, and integration with other security tools.
  • Proactively search for critical vulnerabilities on a daily basis across our infrastructure, applications, and services, staying informed about newly disclosed CVEs and emerging threats.
  • Stay at the forefront of offensive security techniques by actively following and researching methodologies, tools, and exploits shared within the bug bounty community and broader cybersecurity landscape.
  • Plan, scope, and execute comprehensive penetration tests (e.g., web application, network, API, cloud, mobile) to identify security weaknesses.
  • Develop and utilize custom scripts, tools, and methodologies to enhance penetration testing efforts and automate attack simulations.
  • Clearly document and communicate identified vulnerabilities, their potential impact, and actionable remediation recommendations to technical and non-technical stakeholders.
  • Collaborate with development, operations, and infrastructure teams to provide guidance on vulnerability remediation and secure coding/configuration practices.
  • Retest and validate the effectiveness of implemented security fixes.
  • Contribute to the development and refinement of internal security testing methodologies and knowledge base.
Your profile
  • Proven experience as a Penetration Tester, Offensive Security Engineer, or similar role.
  • Experience participating in bug bounty programs or CTF competitions.
  • Strong experience in vulnerability assessment and management, including the triaging and prioritization of findings.
  • Demonstrable experience in managing, tuning, and improving vulnerability scanning technologies (e.g., Nessus, Qualys, Burp Suite Pro, Acunetix, OpenVAS).
  • A keen interest and active involvement in following the bug bounty community, with an understanding of common bug classes and innovative exploitation techniques.
  • Solid understanding of web application security (OWASP Top 10, etc.), network protocols, operating systems, and cloud security principles.
  • Experience with scripting languages (e.g., Python, Bash, PowerShell) for automation and tool development.
  • Strong analytical and problem-solving skills with meticulous attention to detail.
  • Excellent written and verbal communication skills in English, with the ability to articulate complex technical issues clearly.
  • (Desirable) Relevant certifications such as OSCP, OSCE, GPEN, GWAPT, eWPTX, or similar.
  • A proactive mindset and a passion for continuous learning in the field of offensive security.
Why us?
  • Flexible work options - work from home for up to three days a week and join us in the office for the remaining two days in Berlin
  • 28 Vacation Days - plus Christmas & New Year’s Eve (half day)
  • Competitive Compensation - Attractive salary & equity options
  • Continuous Learning - Support for your professional growth and development
  • Team & Social Events - Quarterly gatherings, regular socials, and Thursday drinks on the house
  • Challenging & Supportive Culture - Work with motivated colleagues in an environment where you can grow, achieve, and enjoy the journey
  • Long-Term Growth - A stable career path in a fast-growing company
  • Welcoming Team - A people-first culture where joy at work and future prospects come first
Our Values
Customer First: Our customers and partners always come first.
Embrace Speed: Fast decisions and pragmatic solutions.
Data Over Gut Feeling: We make data-driven decisions.
Take Ownership: You get involved, no matter your position.
Continuous Learning: We challenge ourselves and grow together.
Open Culture: We have no rigid hierarchies. We communicate openly, directly, and at eye level.
About us
Baobab's mission is to better protect SMEs against cyber attacks.
We rethink Cyber protection for SMEs by integrating Cyber Insurance with preventive cyber security services.
Like the Baobab tree, Baobab stands for security and support in all circumstances. We help our partners, as well as customers, to better understand cyber (risks). We not only focus on remediation after an incident but also reduce the likelihood of such an event.
We are supported by renowned investors such as Project A and La Famiglia. In Zurich Insurance, we also have a solid partner with whom we have made a dynamic start as a risk carrier in the market.
Why is cyber insurance important for SMEs? Regardless of size, every business has vulnerabilities that cybercriminals can exploit. Just because a company is small doesn't mean it can't be a target of a cyber-attack. The cyber sector is so fast-moving that there is always a residual risk here, which should then be insured.

We believe that diversity in the team makes the company stronger. We do not discriminate on the basis of religion, skin color, nationality, gender, sexual orientation, or disability and welcome applications from all backgrounds. Apply now to become part of our team!
Your application!
We appreciate your interest in Baobab Insurance GmbH. Please fill in the following short form. Should you have any difficulties in uploading your files, please contact us by mail at hr@baobab.io.