Ethical Hacker / Offensive Security Engineer
Help incident responders around the world. Collaborate in a supportive, high-impact team and grow as we shape Europe’s leading incident response platform.
Job description
We are looking for an Ethical Hacker / Offensive Security Engineer to strengthen our offensive security at StrangeBee.
In this role, you will identify, exploit, analyze, and help remediate vulnerabilities across our products, infrastructure, internal systems, and security processes. You will work closely with Engineering, Product, SOC, Compliance & Risk, and Infrastructure teams to embed security into our software development lifecycle and day-to-day operations.
You will also contribute to security culture, support incident investigations, train developers, conduct research, and help shape the offensive security roadmap. Your work will directly improve the security, resilience, and trustworthiness of our incident response platform used by security teams around the world.
Responsibilities
Lead and perform offensive security assessments, including web application, API, infrastructure, cloud, and internal system penetration tests.
Identify, exploit, document, and prioritize vulnerabilities with clear technical and business impact.
Work closely with Engineering teams to help remediate vulnerabilities and improve secure development practices.
Contribute to the Secure Development Lifecycle by integrating security reviews, threat modeling, secure coding guidance, and vulnerability management into engineering workflows.
Support security incident investigations by providing offensive security expertise, attack path analysis, forensic reasoning, and adversarial thinking.
Conduct vulnerability research on our products, dependencies, environments, and emerging attack techniques.
Participate in CTFs, bug bounty-style research, labs, and internal security challenges to continuously sharpen offensive capabilities.
Build internal tools, scripts, PoCs, and automation to improve security testing, vulnerability analysis, and detection capabilities.
Contribute to the security roadmap, both in run activities and build initiatives.
Help improve vulnerability management processes: qualification, severity assessment, remediation tracking, validation, and reporting.
Deliver security awareness sessions and hands-on training for developers and technical teams.
Promote a strong security culture based on collaboration, curiosity, pragmatism, and continuous improvement.
Collaborate with SOC, Compliance & Risk, Infrastructure, Product, and Engineering teams to align offensive security work with business priorities and customer trust.
Success criteria (6 to 12 months)
Performed several high-quality offensive security assessments with clear, actionable, and well-prioritized findings.
Demonstrated strong autonomy in identifying, validating, documenting, and following up on vulnerabilities.
Vulnerability reports are precise and useful for both engineering and leadership audiences.
Contributed to improving remediation velocity and security awareness within Engineering teams.
Helped strengthen the Secure Development Lifecycle through security reviews, threat modeling, or tooling.
Delivered at least one meaningful internal security training, workshop, or awareness initiative.
Contributed to the offensive security roadmap with concrete improvements, tooling, research, or process enhancements.
Recognized by the team as a trusted, collaborative, and pragmatic teammate.
Requirements
Technical skills
Strong hands-on experience in offensive security, penetration testing (incl. white box), vulnerability research, or bug bounty.
Solid understanding of web application and API security, authentication, authorization and common vulnerability classes.
Good knowledge of OWASP Top 10, secure coding principles, threat modeling, and vulnerability management.
Experience with offensive security tools: Burp Suite, Nmap, Metasploit, custom scripts, fuzzing, exploitation frameworks, or equivalent.
Ability to write clear proof-of-concepts and technical reports.
Good understanding of modern software architectures, CI/CD pipelines, cloud environments, containers, and infrastructure security.
Ability to analyze vulnerabilities from both technical and business impact perspectives.
Comfortable reading code and collaborating with developers on remediation.
Experience with incident investigation, attack path analysis, or adversary simulation is a strong plus.
Experience with CTFs, bug bounty programs, CVE research, exploit development, or security labs is a strong plus.
Knowledge of SOC operations, detection engineering, compliance expectations, or security frameworks is appreciated.
Soft skills
Excellent communication skills with both technical and non-technical audiences.
Strong autonomy, ownership, and analytical thinking.
High curiosity and continuous learning mindset.
Pragmatic approach: able to balance risk, business impact, and engineering constraints.
Collaborative, humble, and comfortable giving and receiving feedback.
Ability to drive security improvements constructively.
You might feel hesitant to apply if you don’t match 100% of the requirements. This list is a guide; we encourage you to apply even if you are a partial match. We are building teams that innovate, not teams that simply tick every box.
Hiring process
Discovery call with the hiring team (30 minutes)
Interview with the VP of Infrastructure & Security and the COO & co-founder (1 hour)
AssessFirst personality assessment
Interview with the Security team (1 hour)
Interview with the Head of Product and an Engineering Manager (1 hour)
Interview with the Head of HR (30 minutes)
About us
StrangeBee is a European cybersecurity software company specializing in Incident Response.
Founded in 2018 by the creators of TheHive and Cortex, StrangeBee was built on the success of these tools that quickly became widely adopted within the cybersecurity community. What started as open-source initiatives evolved into enterprise-grade solutions trusted by organizations worldwide.
Today, TheHive is recognized as a leading incident response platform, empowering thousands of security analysts to detect, investigate, and respond to cyber threats efficiently.
StrangeBee now operates as a fully commercial software vendor, focused on delivering robust, scalable, and continuously evolving solutions tailored to the needs of modern security teams.
Our ambition is clear: strengthen our product ecosystem, meet the fast-growing demands of the cybersecurity market, and establish StrangeBee as a global leader in incident response platforms.
We are growing fast and we’re looking for people who want to grow with us.
Why join us
Customer Centric. We build for real security teams facing real threats, focused on delivering meaningful value.
Quest for Excellence. We continuously raise the bar on how we work, collaborate, and improve our product.
Embrace Change. We encourage initiative and constructive challenge. If you see something to improve, speak up.
One Team. We foster trust, open communication, and psychological safety. Everyone's voice matters.
Joining StrangeBee means real ownership, high standards, visible impact — and a team that genuinely supports each other.
- Department: Infrastructure & Security
- Locations: France
- Remote status: Hybrid
- Yearly salary: €72,000 - €80,000
- Employment type: Full-time