Bug Bounty Switzerland is the leading Security Testing Hyperscaler. With our Cyber Resilience Platform, we help regulated enterprises in financial services, critical infrastructure, and government stay ahead of evolving threats.
We’re headquartered in Switzerland, trusted by some of the most security-conscious organisations in Europe, and scaling fast.
We're looking for a Security Engineer to operate at the core of our Security Testing Products. In this role, you will act as the technical interface between ethical hackers and enterprise customers, ensuring that reported vulnerabilities are accurately validated, clearly communicated, and effectively remediated.
What sets this role apart is its automation mandate. You won't just triage vulnerabilities; you'll systematically work to eliminate manual triage over time. By building intelligent pipelines, codifying risk methodologies, and continuously improving tooling, you will shape how security testing scales at Bug Bounty Switzerland. Hands-on triage and assessment remain a core part of the role: they keep you sharp, ground your automation in reality, and ensure quality never slips.
This is a hands-on, high-impact role with customer exposure. You will work closely with hackers, customers, Solution Architects and Account Managers to continuously improve security posture, program quality, and platform capabilities. If you enjoy deep technical analysis, building automation, and creating trust across distributed stakeholders, this role is for you.
Design, build and continuously improve automated pipelines for vulnerability triage, severity scoring, and risk assessment
Develop and maintain tooling that reduces manual triage effort, including automated validation checks, duplicate detection, and severity pre-classification
Participate actively in manual triage and risk assessments to maintain deep technical understanding and to train, validate and improve automation outputs
Apply and codify structured risk assessment methodologies (e.g. CVSS) into scalable, automated workflows
Produce and refine templates and logic for technical summaries, with the goal of automating report generation over time
Collaborate with ethical hackers to resolve ambiguous submissions and use those learnings to improve automation coverage
Define the long-term roadmap for fully automated triage, working toward minimal manual intervention without sacrificing quality
Take ownership of the technical delivery of security testing for our customers
Prepare strategies and environments for successful testing
Ensure smooth testing execution and continuously optimise testing quality and efficiency
Apply strong knowledge of common vulnerability classes (OWASP Top 10 and beyond)
Use industry-standard tools (e.g. Burp Suite) to validate and reproduce reported vulnerabilities
Proactively identify gaps, risks, and opportunities for improving customer security posture
Act as a trusted technical advisor to customers using our products
Proactively guide customers through the setup and execution of security testing
Support customers in integrating security testing into their organisational processes and workflows
Ensure clear and efficient communication between hackers and customer teams
Experience with security testing or bug bounty programs
Strong understanding of OWASP Top 10 vulnerabilities and modern web architectures
Practical experience with security testing tools such as Burp Suite
Experience applying vulnerability scoring frameworks (e.g. CVSS)
Experience building or contributing to automation tooling in a security context (e.g. scripting, APIs, workflow automation)
Language requirements: English required; German a big plus
Self-motivated, structured, and able to manage your workload independently in a distributed team
Experience managing or operating bug bounty programs
Prior exposure to customer-facing security consulting or advisory roles
Experience with AI/ML-assisted vulnerability classification or security automation platforms
Familiarity with orchestration tools or security automation frameworks (e.g. SOAR concepts, n8n, custom API integrations)
Experience contributing to internal tools or security platforms
Work at the intersection of ethical hacking, enterprise security, and product innovation
Play a key role in protecting critical infrastructure and high-impact organisations across Europe
Collaborate with a highly skilled, mission-driven team in a high-trust environment
Influence both customer outcomes and the evolution of our security platform
Flexible, hybrid setup with strong ownership and autonomy
Competitive compensation aligned with experience and impact
Reports to: Director of Delivery & Customer Success
Compensation: Competitive base + ESOP, aligned with seniority and impact
Work setup: Hybrid (Zurich/Bern)
Send us your CV along with a short note explaining why you're excited about this role and why bug bounty and vulnerability disclosure matter to you. If you have examples of past triage work, automation projects, security write-ups, or program experience, we'd love to see them.