
Align · United Kingdom – Remote
ABOUT THE ROLE The Penetration Tester works to execute department activities and deliver high-quality security assessments to a diverse portfolio of high-profi...
The Penetration Tester works to execute department activities and deliver high-quality security assessments to a diverse portfolio
of high-profile clients. In this role, you will be responsible for the execution of comprehensive security testing across a wide
range of industries, utilizing a broad array of tools to discover and mitigate vulnerabilities. As the Penetration Tester, you
will provide exceptional technical and creative strategies to help the continued growth of our fast-paced company while operating
in an environment free from the pressures of time reporting, chargeability goals, or sales targets. A-LIGN will depend on you as
the Penetration Tester to support management, plan and execute sophisticated penetration tests, and ensure the ongoing protection
of our clients’ most critical systems and data.
Managing Consultant
Full-Time
A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and
audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST,
FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit
a-lign.com.
Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn.
A-LIGN is an Equal Opportunity Employer.
TL;DR: We're looking for a Penetration Tester who lives to break things, ethically. You'll push Lovable's platform to its limits, hunt vulnerabilities across our AI pipelines and user-generated code, and make sure attackers never get there before you do. Why Lovable? Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation, which means you have an unprecedented opportunity to change the way the digital world works. Over 2 million people in 200+ countries already use Lovable to launch businesses, automate work, and bring their ideas to life. And we’re just getting started. We’re a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity, and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world. What we’re looking for 5+ years of hands-on penetration testing experience across web, mobile, APIs, and cloud infrastructure. Deep expertise in offensive security techniques: OWASP, MITRE ATT&CK, exploit development, privilege escalation, and lateral movement. Experience attacking AI-native products or LLM-integrated systems, including prompt injection, model abuse, and data exfiltration vectors. Strong understanding of cloud environments (GCP, AWS, Cloudflare) and the attack surfaces they introduce. Ability to translate complex findings into clear, prioritised reports that engineering teams can act on immediately. Low ego, high output. You collaborate as naturally as you compete against systems. Bonus: experience with red team operations, supply chain attacks, or mobile security (iOS/Android). Familiarity with SAST/DAST tooling. Background in security research or CVE disclosure. What you’ll do Own offensive security end-to-end: plan and execute penetration tests across Lovable's web platform, mobile surface, APIs, cloud infrastructure, and AI pipelines. Break our AI before others do: probe LLM integrations for prompt injection, jailbreaks, data leakage, and novel attack vectors unique to AI-generated code running in live products. Stress-test user-generated code at scale: identify systemic vulnerabilities introduced when millions of users create and deploy real applications on Lovable. Turn findings into action: work directly with engineering to prioritise, remediate, and verify fixes, closing the loop between discovery and resolution. Raise the security bar org-wide: run internal red team exercises, contribute to threat modelling, and embed an attacker's mindset across the engineering culture. Help make Lovable the most secure AI product in the market. Our Tech Stack Frontend: React and TypeScript Backend: Golang and Rust Cloud: Cloudflare, GCP, AWS, Modal, multiple LLM providers DevOps & Tooling: GitHub Actions, Grafana, OTEL, infra-as-code (Terraform) Data: Clickhouse, Firestore, Spanner, BigQuery And we're always exploring what's next! About your application Please submit your application in English. It’s our company language, so you’ll be speaking lots of it if you join. We treat all candidates equally - if you’re interested, please apply through our careers portal.
TL;DR: We're looking for a world-class Penetration Tester with a name in the field. You'll push Lovable's platform to its limits, hunt vulnerabilities across our AI pipelines and user-generated code, and make sure attackers never get there before you do. Why Lovable? Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation, which means you have an unprecedented opportunity to change the way the digital world works. Over 2 million people in 200+ countries already use Lovable to launch businesses, automate work, and bring their ideas to life. And we’re just getting started. We’re a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity, and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world. What we’re looking for * 12+ years of hands-on penetration testing experience across web, mobile, APIs, and cloud infrastructure. * A track record the field knows about: CVEs to your name, hall-of-fame credits in major bug bounty programs, or a reputation that precedes you. * Deep expertise in offensive security techniques: OWASP, MITRE ATT&CK, exploit development, privilege escalation, and lateral movement. * Hands-on experience using AI as part of your hacking workflow — not just testing AI systems, but actively leveraging it as an offensive tool. * Experience attacking AI-native products or LLM-integrated systems, including prompt injection, model abuse, and data exfiltration vectors. * Strong understanding of cloud environments (GCP, AWS, Cloudflare) and the attack surfaces they introduce. * Ability to translate complex findings into clear, prioritised reports that engineering teams can act on immediately. * Low ego, high output. You collaborate as naturally as you compete against systems. * Bonus: experience with red team operations, supply chain attacks, or mobile security (iOS/Android). Familiarity with SAST/DAST tooling. What you’ll do * Own offensive security end-to-end: plan and execute penetration tests across Lovable's web platform, mobile surface, APIs, cloud infrastructure, and AI pipelines. * Break our AI before others do: probe LLM integrations for prompt injection, jailbreaks, data leakage, and novel attack vectors unique to AI-generated code running in live products. * Stress-test user-generated code at scale: identify systemic vulnerabilities introduced when millions of users create and deploy real applications on Lovable. * Turn findings into action: work directly with engineering to prioritise, remediate, and verify fixes, closing the loop between discovery and resolution. * Raise the security bar org-wide: run internal red team exercises, contribute to threat modelling, and embed an attacker's mindset across the engineering culture. * Help make Lovable the most secure AI product in the market. Our Tech Stack * Frontend: React and TypeScript * Backend: Golang and Rust * Cloud: Cloudflare, GCP, AWS, multiple LLM providers * DevOps & Tooling: GitHub Actions, Grafana, OTEL, infra-as-code (Terraform) * Data: Clickhouse, Firestore, Spanner, BigQuery And we're always exploring what's next! About your application Please submit your application in English. It’s our company language, so you’ll be speaking lots of it if you join. We treat all candidates equally - if you’re interested, please apply through our careers portal.
ÜBER CYQUEO Bei CYQUEO arbeiten wir eng mit den weltweit führenden Herstellern von IT-Security-Lösungen zusammen und setzen vielseitige, kundenspezifische Projekte mit dem Schwerpunkt Cybersecurity um. Unsere innovativen Lösungen zeichnen sich dadurch aus, dass sie ohne Bewegung auf der Hardware-Ebene entwickelt werden – flexibel, modern und zukunftsweisend. Als Teil unseres Teams profitierst Du von 20 Jahren technischem Know-how und einer echten Teamkultur, in der Zusammenarbeit und Austausch großgeschrieben werden. Fühlst Du Dich angesprochen? Mit großem Erfolg, Engagement und Anerkennung unterstützen wir weltweit namhafte Unternehmen bei der Entwicklung und Implementierung von Cloud-, Internet- und Endpoint-Sicherheitslösungen. Gemeinsam sorgen wir dafür, dass Menschen und Unternehmen sich sicher fühlen – privat und beruflich. Möchtest Du mit uns die digitale Welt sicherer machen? Dann werde Teil von CYQUEO! DEINE AUFGABEN * Du führst gründliche und systematische Penetrationstests in den Kernbereichen Active Directory, drahtlose Netzwerke und Webanwendungen mithilfe von effektivsten Testmethoden (White Box, Grey Box und Black Box) durch, um Sicherheitslücken umfassend zu identifizieren und zu dokumentieren * Als Teil unseres Teams verantwortest Du für eine tatsächliche Beseitigung der Angriffsrisiken und den Support einzelner Lösungen bei unseren namhaften Kunden * Du unterstützt unser Sales-Team bei technischen und produktbezogenen Fragen sowie bei Produktpräsentationen (Remote / Vor-Ort) * Du betreust Proof-of-Concept-Phasen als Haupt-Ansprechpartner * Du arbeitest eng mit IT-, Development- und Security-Teams zusammen und bist im wirkungsvollen Austausch mit den anderen Experten * Du identifizierst Kundenanforderungen, analysierst diese und erarbeitest daraus nachvollziehbare und umsetzbare Lösungskonzepte * Du bildest Dich kontinuierlich zu neuen Angriffstechniken, Werkzeugen und Schutzmaßnahmen weiter und verbesserst dadurch übliche Testverfahren DAS RUNDET DEIN PROFIL AB * Abgeschlossene Ausbildung zum Fachinformatiker für Systemintegration oder ein alternatives Studium * 2-3 Berufserfahrung in der IT (bevorzugt im Service- / Dienstleistungsbereich, IT-Security) * Praktische Erfahrung mit typischen Angriffsmethoden wie Pass-the-Hash, Kerberoasting, Privilege Escalation und Lateral Movement sowie sichere Anwendung entsprechender Sicherheitstools und Plattformen wie Endpoint Protection, EDR, SIEM und Firewalls * Ein tiefes Verständnis von Netzwerkprotokollen, Architekturen, Segmentierung und Datenverkehr sowie ein Verständnis für die Arbeit von SOC-Teams * Kenntnisse in der Analyse von Web Applications (typische Schwachstellen wie SQL Injection, Cross-Site Scripting (XSS), Authentication Bypass) sowie der sichere Umgang mit Tools wie Burp Suite, OWASP ZAP oder manuellen Techniken * Praktische Erfahrung in der Verwaltung von Windows und Linux Systemen ist von Vorteil * Fähigkeit, technische Ergebnisse verständlich aufzubereiten und zielgruppengerecht zu kommunizieren * Hohe Affinität für die Bereiche wie Active Directory, Wireless Security, Social Engineering, OSINT und Web-Sicherheit sowie Leidenschaft für ethisches Hacking * Ein eigenverantwortlicher und strukturierter Arbeitsstil * Verbindliches Auftreten, positive Ausstrahlung und ausgeprägte Hands-On-Mentalität * Verhandlungssicheres Deutsch und fließendes Englisch WARUM WIR? * Mitreißende Arbeitsatmosphäre, in der dein Wachstum unvermeidbar ist * Ein schickes Büro mit U-Bahn- und S-Bahn-Anbindung sowie einem Kühlschrank mit erfrischenden Getränken und Snacks * Du-Kultur, Kollegialität, freundliche interne Kommunikation, direkter Kontakt zu den Cyber-Security-Gurus und zu den Vorgesetzten * Keine langen Meetings und keine täglichen Reportings * Homeoffice-Tage und eine tatsächlich gelebte Work-Life-Balance * Attraktive Vergütung, ein unbefristetes Arbeitsverhältnis und weitere Arbeitgeberleistungen * Mitarbeiterangebote für Sport und Einkaufen sowie ein Mobilitätszuschuss * Schulungen, Trainings, Zertifizierungen sowie internes Coaching * Restaurant auf unserem Campus * Regelmäßige Team-Events, After-Work-Partys (freiwillig) u. v. m.