Offensive Security Researcher

**About Us**:
**Welcome to Baobab Insurance - Your Partner for the Cyber Security of Tomorrow**
The digital world is growing - and with it, the threat of cyberattacks. Every successful attack not only jeopardizes businesses but also undermines trust in our connected society. At Baobab Insurance, we are committed to making the digital world safer - proactively, sustainably, and with cutting-edge technology. Our mission: to protect companies from cyber threats before they arise, contributing to a more secure digital future.
**Shape the digital security of tomorrow with us.** Join a team that doesn’t just watch but actively protects. Your ideas and commitment can make all the difference.
If that’s not enough, here’s what we offer:

- **
Flexible Working**: With your MacBook, you can work up to three days per week from home and also have the opportunity to work in our modern offices in Berlin or Cologne.
- ** Attractive Compensation**: Competitive salary and VSOP options.
- ** Growth & Career**: Grow with us - in a dynamic company with clear advancement opportunities.
- ** And much more**

**Baobab Insurance - Growing together. Making the digital world safer, together.**

**Your Tasks**:

- ** Triage, analyze, validate, and prioritize vulnerabilities** identified through automated scanning tools, manual testing, and external reports.
- ** Continuously improve and optimize our vulnerability scanning technologies and processes,** including scanner configuration, custom script development, and integration with other security tools.
- ** Stay at the forefront of offensive security techniques by actively following and researching methodologies, tools, and exploits shared within the bug bounty community and broader cybersecurity landscape.**:

- Develop and utilize custom scripts, tools, and methodologies to enhance penetration testing efforts and automate attack simulations.
- Clearly document and communicate identified vulnerabilities, their potential impact, and actionable remediation recommendations to technical and non-technical stakeholders.
- Collaborate with development, operations, and infrastructure teams to provide guidance on vulnerability remediation and secure coding/configuration practices.
- Retest and validate the effectiveness of implemented security fixes.
- Contribute to the development and refinement of internal security testing methodologies and knowledge base.

**Your profile**:

- Proven experience as a Penetration Tester, Offensive Security Engineer, or similar role.
- Experience participating in bug bounty programs or CTF competitions.
- ** Strong experience in vulnerability assessment and management, including the triaging and prioritization of findings.**:

- ** Demonstrable experience in managing, tuning, and improving vulnerability scanning technologies (e.g., Nessus, Qualys, Burp Suite Pro, Acunetix, OpenVAS).**:

- ** A keen interest and active involvement in following the bug bounty community, with an understanding of common bug classes and innovative exploitation techniques.**:

- Experience with scripting languages (e.g., Python, Bash, PowerShell) for automation and tool development.
- Strong analytical and problem-solving skills with meticulous attention to detail.
- Excellent written and verbal communication skills in English, with the ability to articulate complex technical issues clearly.
- _ (Desirable)_ Relevant certifications such as OSCP, OSCE, GPEN, GWAPT, eWPTX, or similar.
- A proactive mindset and a passion for continuous learning in the field of offensive security.

**Why us?**:

- ** Flexible work options** - work from home for up to three days a week an join us in the office for the remaining two days in Berlin
- ** 28 Vacation Days** - plus Christmas & New Year’s Eve (half day)
- ** Competitive Compensation** - Attractive salary & equity options
- ** Continuous Learning** - Support for your professional growth and development
- ** Team & Social Events** - Quarterly gatherings, regular socials, and Thursday drinks on the house
- ** Challenging & Supportive Culture** - Work with motivated colleagues in an environment where you can grow, achieve, and enjoy the journey
- ** Long-Term Growth** - A stable career path in a fast-growing company
- ** Welcoming Team** - A people-first culture where joy at work and future prospects come first

**Our Values**:
**Customer First**: Our customers and partners always come first.
**Embrace Speed**: Fast decisions and pragmatic solutions.
**Data Over Gut Feeling**: We make data-driven decisions.
**Take Ownership**: You get involved, no matter your position.
**Continuous Learning**: We challenge ourselves and grow together.
**Open Culture**: We have no rigid hierarchies. We communicate openly, directly, and at eye level.

**About us**:
**Baobab's mission is to protect SMEs against cyber attacks better.**
We rethink Cyber protection for SMEs by integrating **C**yber Insurance** with **preventive cyber security services**.
Like the Baob