Senior Security Engineer - Purple Team

Summary

Join Lucca's security team as a penetration tester and red teamer! This full-remote (with quarterly on-site visits) position in France offers a salary between €63k and €75k gross per year. You'll work in a purple team environment, collaborating with platform and development teams on various security projects. Responsibilities include offensive pentesting, incident response, automation, security improvement proposals, and vulnerability remediation. The ideal candidate has 3-5+ years of experience in web penetration testing, strong development skills, and a passion for cybersecurity.

Requirements

• Have confirmed experience in operational cybersecurity (3-5 years minimum) on WEB intrusion tests, discovery, and exploitation
• Be interested in the challenge of a purple team: a varied and technical adventure
• Be proficient with Burp Suite Pro, enjoy writing interesting pentest reports, facilitating remediation with developers, and love seeing your vulnerability fixes go into production within days
• Have explored some exploits, and TTPs are no secret to you
• Conduct active technological monitoring on infosec topics; ATT&CK and OWASP frameworks are no secret to you, and you love sharing your expertise
• Love learning new techniques, challenging ideas, and being challenged
• Want to do WEB pentesting, and are curious to evolve on the diversity of topics of a Purple Team
• Have development skills (on an object-oriented language, bonus if .NET and/or Go)
• Have offensive experience on Kubernetes
• Have a RootMe, HackTheBox, or BugBounty platform profile
• Have a GitHub or GitLab profile

Responsibilities

• Perform offensive penetration tests on web applications, vendors, and future Kubernetes infrastructure, and write pentest reports on vulnerabilities found
• Participate in incident responses, both on automated alerts and external reports, and participate in on-call duties
• Contribute to automation across numerous areas, from increasing security controls on the CI/CD stack to automating scans or SOAR workflows
• Challenge existing security measures and propose improvements
• Participate in numerous internal security projects, ranging from setting up honeypots, hardening, and exploiting CVEs
• Conduct active security monitoring (CVEs, zero days, infosec community)
• Support R&D teams, whether on vulnerability remediation, risk analysis, best-practice advice, or awareness-raising ranging from technical to social engineering

Preferred Qualifications

• Have one or more CVEs to your credit
• Have dev experience on security tooling, and are proud to share your GitHub profile with us
• Have already participated in CTFs, conferences
• Have advanced knowledge of Kubernetes, with a big bonus for offensive experience (CKS highly appreciated)
• Have experience in one or more high-level languages (.NET, or Go), as well as in scripting and automation (python)
• Have one or more certifications (OSCP etc)

Benefits

• An interesting profit-sharing plan
• A holiday bonus
• RTTs in addition to paid holidays
• Classic but essential benefits: employee benefits, meal vouchers (Swile), and 100% employer-sponsored health insurance (Benefiz), competitive Gymlib subscription
• A collective event per quarter, the objective of which is to bring together all of Lucca to share the company's news and perspectives in a formal... and less formal way
• And above all, being happy to get up in the morning to go to work. And yes, Lucca won 2nd place in the HappyIndex®AtWork France 2024 ranking (in the 500-999 employee category)
• Possibility of regular remote work