AppSec Engineer (Ethical Hacker) (f/m) 80-100%

Technology – Zug, Switzerland

Apply nowMail

 

About us
ricardo.ch engineering is the largest part of EPD - a unified Engineering, Product and Design department. We work cross-functionally, with around 6-8 teams active on different topics at once. We share a hack day-style way of working, with weekly public stand-ups and demos, strong self-organization, and individual responsibility. With over 50 engineers, and three offices (Zug - Switzerland, Belgrade - Serbia,  Valbonne - France), we work closely with our colleagues across borders. Together, we partake in workshops, hack days, and allocate 20% of engineering time for innovation, learning, and experiments. Our culture is geek, our working style is agile, and our mindset is collaborative.

Job Description
As the AppSec engineer at ricardo.ch, your main mission will be to hunt down threats and vulnerabilities, train our engineers to protect against them, inspire and educate the organisation on best practices, frameworks and tools used to build a secure platform. You’ll have the opportunity to work with all our product and engineering teams on native apps, web, apis and cloud infrastructure to secure all areas of ricardo.ch and train the entire organisation on security best practices.
You’ll focus on product, tools, framework development, research, analysis and architecture used to improve the security at ricardo.ch and will collaborate with the central security team at Tamedia.

Responsibilities

• Develop tools and techniques to enable other engineers to find flaws before they go in production 


• Be a security subject matter expert in the organisation 


• Answer to any internal security engineering request/question


• Collaborate with other teams to help architect secure solutions


• Participate in architecture and code reviews


• Conduct penetration tests against our internal and external systems in collaboration with our security partners


• Perform reactive incident response when a security event occurs  


• Develop and lead training exercises to improve the overall engineering security knowledge


• Develop a threat model for our existing applications and infrastructure


• Deliver impactful presentations and reports on security to the organisation 


• Architect solutions and framework to prevent future and current attacks scenarios


• Guide teams with clear instructions to prevent risks through small, simple changes


• Help in efforts to detect and prevent fraud against our users


• Champion the causes of data privacy and responsible handling of user information

About you

• You have 4+ years experience in information security, writing secure code and penetration testing


• You have certificates like CISSP, GIAC or others


• You’re comfortable writing code in languages like Go, Node.js, Java 


• You enjoy simplifying and automating complex processes 


• You’re great at being offensive at systems without offending people


• You can quickly explain security concepts to different audience (engineers, business people, customer service agents, …)


• You’re happier and more productive when you manage your own time


• You keep up to date on the latest developments and trends in app security

Benefits

• Strong engineering culture, empowerment and trust


• Working on a very popular product (90% recognition) in Switzerland


• Training and conference budget available for every Engineer


• Weekly time for more free-form experiments and hacking


• Central office close to Zug main station with great public transportation access (25 minutes from Zurich, 20 minutes from Luzern)


• Video games, table soccer, sports offering over lunch


• Free coffee, affordable breakfast and lunch options

About ricardo.ch

Today, ricardo.ch is the largest online marketplace in Switzerland with over 1.5 million listed items and more than 2 million users. We aim to improve our platform, innovate, grow the marketplace even further. If you enjoy challenges at scale, high energy work, and are creative in the solutions you bring, we are excited to hear from you!

 

We do not accept unsolicited CVs from Third Party Agencies.

Apply now

Or, know someone who would be a perfect fit? Let them know!

Mail

Contact

Simone Hochstrasser