Security Engineer - Pentester

WHY WE NEED YOU?

Our growth is driving us to strengthen our Trust & Security Operations team to expand our internal pentesting capabilities and strengthen the security posture of our cloud products.

Your mission will be to simulate realistic and controlled cyberattacks across our infrastructure and applications in order to identify vulnerabilities, evaluate associated risks, and continuously improve the security of Scaleway's products and services.

YOUR FUTURE TEAM

We work in a collaborative and international environment where the diversity of Scalers, combined with a spirit of sharing, helps bring new projects to life every day, advancing our ambitions together.

You will be part of a team of 5 people within the security organization. The team is responsible for protecting Scaleway's infrastructure and products through proactive security initiatives, including SOC/CSIRT operations, secure development practices, and offensive security activities.

You will contribute to the Pentest initiative, helping design and build the internal pentesting stack while working closely with product and infrastructure teams to continuously improve security across Scaleway's cloud services.

YOUR DAILY ROUTINE

• Conduct web, API, network, and infrastructure penetration tests on Scaleway products and internal systems
• Simulate realistic cyberattack scenarios to identify vulnerabilities and weaknesses
• Participate in Red Team or adversarial simulation exercises, including social engineering campaigns
• Assess and prioritize vulnerabilities based on their risk and potential impact
• Write clear and structured security reports and communicate findings to technical and non‑technical stakeholders
• Collaborate with product and engineering teams to support remediation and security improvements
• Contribute to the design and implementation of the internal pentesting tool stack
• Stay up to date with emerging vulnerabilities, exploits, and offensive security techniques
• Support the continuous security testing workflow across Scaleway products

ABOUT YOU

HARDSKILLS

• Hands‑on experience with penetration testing (web, APIs, networks, infrastructures)
• Good knowledge of OWASP Top 10, MITRE ATT&CK, CVE and common exploitation techniques
• Experience with security tools such as Nmap, Metasploit, Burp Suite or OWASP ZAP
• Solid scripting or development skills (Python, Bash, SQL, PHP or similar)
• Understanding of vulnerability exploitation techniques such as XSS, SQL injection, buffer overflow or reverse engineering

SOFTSKILLS

• Strong analytical mindset and curiosity
• Creativity and "think outside the box" approach to problem solving
• High level of ethics and integrity in offensive security work
• Ability to write clear and structured reports
• Team spirit and collaboration mindset

WHAT YOU WILL FIND AT SCALEWAY ++++

• Hybrid work: We offer up to 3 days of remote work per week.
• Offices: Spacious, dynamic workspaces with bold design, conveniently located near public transport. Most of our offices feature outdoor spaces (terraces) and bike parking facilities.
• Dining: Healthy meal service at the headquarters, and breakfast available year‑round. Scalers at regional sites enjoy a Swile card for lunches.
• Well‑being commitments: Gym access, daycare places, and discounted services for caring services, supporting work‑life balance.
• International environment: With dozens of nationalities; English widely spoken.
• Career & Mobility: Managers value internal mobility; opportunities to transition within the Iliad Group are accessible to all.

EEO Statement

At Scaleway, we are committed to building an inclusive and respectful workplace where everyone has a fair opportunity to thrive. All applications are considered with care, regardless of age, gender, sexual orientation, ethnic or social background, religion, disability, or any other characteristic. We believe great ideas come from everywhere, and everyone which is why you should definitely apply.