Security Engineer $$$$

Summary

• Senior Security Engineer - penetration testing, threat modelling, 7+ years commercial experience.
• Python. Hands-on offensive and defensive security for web applications.
• Remote/Hybrid, UK, Chechia, Spain - employment contract, Poland, Romania, Slovakia, Bulgaria, Ukraine - B2B contract.

The role

This is a senior security engineering position with a strong emphasis on penetration testing and threat modeling. You'll work across the full security lifecycle: designing secure architectures, modeling threats, researching emerging attack vectors, and validating defenses through hands-on testing.

The focus is on long-term security improvements — identifying and addressing risks before they become incidents. You'll need both the attacker's mindset to find vulnerabilities and the engineering skills to help fix them properly.

What you'll work on

• Penetration testing and security assessments against web applications and internal systems
• Leading security design reviews and threat modeling for new products and infrastructure changes
• Researching emerging threats and attack techniques, then translating findings into practical defense strategies
• Building security automations and tools, and prototypes to support testing and detection
• Collaborating with engineering teams to remediate vulnerabilities and improve secure development practices
• Contributing to security architecture decisions and standards

What we're looking for

• 7+ years in security engineering with substantial experience in both offensive and defensive work
• Proven, hands-on web applications penetration testing experience
• Strong programming skills, preferably Python, with experience building security tools or automation
• Deep expertise in at least one core security domain: cryptography, authentication/authorisation, secure architecture, or network security
• Clear understanding of attack vectors and methods, and how to anticipate them
• Good communication skills in English

Useful additions

• Experience securing serverless architectures or AI/ML platforms
• Background in cloud-native security (AWS, GCP, Kubernetes)
• DevSecOps experience- integrating security into CI/CD pipelines
• Relevant certifications (OSCP, OSCE, CISSP, or similar)