
Lovable · Stockholm
TL;DR: We're looking for a world-class Penetration Tester with a name in the field. You'll push Lovable's platform to its limits, hunt vulnerabilities across ou...
TL;DR: We're looking for a world-class Penetration Tester with a name in the field. You'll push Lovable's platform to its limits,
hunt vulnerabilities across our AI pipelines and user-generated code, and make sure attackers never get there before you do.
Why Lovable?
Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use
Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation,
which means you have an unprecedented opportunity to change the way the digital world works. Over 2 million people in 200+
countries already use Lovable to launch businesses, automate work, and bring their ideas to life. And we’re just getting started.
We’re a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity,
and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world.
What we’re looking for
that precedes you.
movement.
offensive tool.
exfiltration vectors.
tooling.
What you’ll do
cloud infrastructure, and AI pipelines.
unique to AI-generated code running in live products.
real applications on Lovable.
discovery and resolution.
mindset across the engineering culture.
Our Tech Stack
And we're always exploring what's next!
About your application
Please submit your application in English. It’s our company language, so you’ll be speaking lots of it if you join.
We treat all candidates equally - if you’re interested, please apply through our careers portal.
TL;DR: We're looking for a Penetration Tester who lives to break things, ethically. You'll push Lovable's platform to its limits, hunt vulnerabilities across our AI pipelines and user-generated code, and make sure attackers never get there before you do. Why Lovable? Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation, which means you have an unprecedented opportunity to change the way the digital world works. Over 2 million people in 200+ countries already use Lovable to launch businesses, automate work, and bring their ideas to life. And we’re just getting started. We’re a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity, and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world. What we’re looking for 5+ years of hands-on penetration testing experience across web, mobile, APIs, and cloud infrastructure. Deep expertise in offensive security techniques: OWASP, MITRE ATT&CK, exploit development, privilege escalation, and lateral movement. Experience attacking AI-native products or LLM-integrated systems, including prompt injection, model abuse, and data exfiltration vectors. Strong understanding of cloud environments (GCP, AWS, Cloudflare) and the attack surfaces they introduce. Ability to translate complex findings into clear, prioritised reports that engineering teams can act on immediately. Low ego, high output. You collaborate as naturally as you compete against systems. Bonus: experience with red team operations, supply chain attacks, or mobile security (iOS/Android). Familiarity with SAST/DAST tooling. Background in security research or CVE disclosure. What you’ll do Own offensive security end-to-end: plan and execute penetration tests across Lovable's web platform, mobile surface, APIs, cloud infrastructure, and AI pipelines. Break our AI before others do: probe LLM integrations for prompt injection, jailbreaks, data leakage, and novel attack vectors unique to AI-generated code running in live products. Stress-test user-generated code at scale: identify systemic vulnerabilities introduced when millions of users create and deploy real applications on Lovable. Turn findings into action: work directly with engineering to prioritise, remediate, and verify fixes, closing the loop between discovery and resolution. Raise the security bar org-wide: run internal red team exercises, contribute to threat modelling, and embed an attacker's mindset across the engineering culture. Help make Lovable the most secure AI product in the market. Our Tech Stack Frontend: React and TypeScript Backend: Golang and Rust Cloud: Cloudflare, GCP, AWS, Modal, multiple LLM providers DevOps & Tooling: GitHub Actions, Grafana, OTEL, infra-as-code (Terraform) Data: Clickhouse, Firestore, Spanner, BigQuery And we're always exploring what's next! About your application Please submit your application in English. It’s our company language, so you’ll be speaking lots of it if you join. We treat all candidates equally - if you’re interested, please apply through our careers portal.
At HiQ, every challenge is an invitation to explore new possibilities. We’re looking for someone who thrives on the thrill of discovery, who sees every system as a puzzle waiting to be solved, and who finds energy in the pursuit of safer, smarter digital solutions. As part of our Pentest team, you’ll be at the heart of our mission to build secure applications and environments for some of the most exciting organizations in the Nordics. Your days will be filled with hands-on penetration testing, creative problem-solving, and the freedom to dive deep into the latest tools and techniques. Whether you’re orchestrating a Red Team engagement or probing the intricacies of cloud security, you’ll have the autonomy to shape your own approach, while always knowing that a team of passionate experts has your back. You’ll work with Burp Suite, Nmap, Wireshark, and a host of other tools, sometimes in the cloud, sometimes on-prem, always at the cutting edge. Your experience with Active Directory and scripting will come to life as you navigate complex environments, uncover vulnerabilities, and help our clients see their systems through a new lens. If you’ve cracked hashes, explored mobile app security, or sharpened your skills in CTFs, you’ll find plenty of opportunities to push your expertise even further. WHAT YOU BRING * At least 5 years of practical experience in penetration testing or Red Team operations * Deep familiarity with industry-standard tools such as Burp Suite, Nmap, and Wireshark * Strong background in assessing and securing web applications * Proven experience performing Active Directory and broader network security assessments * Understanding of modern cloud platforms and architectures * Scripting skills that enable you to automate workflows and develop new solutions * Relevant education and/or certifications (e.g., OSCP, OSCE, AWS/Azure Security) * Excellent communication skills, with the ability to clearly document and articulate vulnerabilities and recommendations * Swedish citizenship, as HiQ carries out security-classified assignments that may require it BONUS SKILLS * Experience with hash cracking * Knowledge of mobile application security * Knowledge in cloud security * Networking know-how * Capture the Flag participation * Insights into computer forensics Here, learning is woven into the fabric of every project. Whether you’re pursuing new certifications, experimenting with the latest exploits, or sharing insights with colleagues, you’ll find endless room to grow. We celebrate curiosity and initiative, if you spot an opportunity to make something better, you’ll have the freedom and support to make it happen. You’ll be trusted to run penetration tests independently, but you’ll never be alone. Collaboration is second nature here: ideas bounce, knowledge flows, and everyone’s voice matters. You’ll document your findings with clarity, communicate risks with empathy, and help guide clients toward stronger, more resilient solutions. If you’re ready to join a team where your passion for security is matched only by your drive to learn and create, we’d love to meet you. Ready to take the next step? Apply now and let’s build something extraordinary together.
Nordnet redefined the financial world as the first digital bank in Europe. Now we are about to do it again and the aim is to create the next generation of bank, in the cloud. We know that this requires great people, great teams, and great technology. Do you want to join us and build the new Nordnet? At Nordnet we want to democratize savings and investments by giving our customers access to the best tools and information whether you are a professional investor or a small saver. With modern technologies and speed of delivery, we are building the next generation investment platform. This is part of the role Nordnet is a company with tech as the primary focus. In our agile and autonomous teams, you will be working with engaged colleagues that love to share their knowledge. As a cloud security engineer, you will drive automation and integrate DevSecOps into our cloud-based platform by embedding security in Continuous Integration/Continuous Delivery (CI/CD) pipelines, enhancing infrastructure security and ensuring secure software development practices. As a Cloud Security Engineer acting autonomously and with a clear mandate, you will: Develop and enforce cloud and Infrastructure As Code (IaC) security policies. Improve cloud security monitoring by building and managing detections. Collaborate with engineering teams to ensure security best practices and Secure Software Development Life Cycle SSDLC (Shift-Left). Facilitate threat modelling sessions, secure code review and vulnerability assessments. Coordinate penetration testing efforts and track remediations. Enable developers to ship fast by automating security Balance security rigor with business agility; we don't just secure, we enable. This is you To succeed in this role, we believe that you take great pride in your work, are curious and continuously want to learn and grow. Believing in collaboration and discussing ideas and concepts with your colleague, you will serve as the first point of contact for our Platform teams as a Cloud Security Subject Matter Expert to enable the delivery of great products. As a Cloud Security Engineer, you have: Offensive security mindset ideally with former red teamer or penetration tester experience Knowledge of Google Cloud Platform (or equivalent experience with other Cloud providers) Google Security Command Centre (SCC) Google Kubernetes Engine (GKE) Identity and Access Management (IAM) Infrastructure As Code (Terraform) Github Ability to work independently and as part of a team Strong stakeholder management skills, ability to work with both technical and non-technical stakeholders Ability define and implement security requirements in cloud environments Experience with security best practices and vulnerability management process. Familiarity with programming and major frameworks (Java, Spring, React) What we offer Your expertise and contribution will be appreciated from day one Access to the latest AI tools with cutting edge models to support your daily work. Plenty of opportunities to grow as a security professional Competitive salary and compensation Opportunity to shape the architecture, influencing the security design of Europe’s next-generation digital bank from the ground up. Access to training opportunities such as professional certifications (e.g., GCP Security, OSCP, OSAI+, CISSP), industry conferences, and dedicated time for skills development. You won't just follow a checklist; you’ll have the mandate to build and own your security automation roadmap. We offer you the opportunity to work in a Nordic environment with a strong focus on delivery, product development and technology. Our ambitions are high and you will embark on a fast and challenging journey together with a skillful team of sharp and committed colleagues. Our teams are autonomous and embrace the agile way of working. Culture is built and cared for, each day by everyone. We’re proud of ours. Having a flat organization where anyone can talk to anyone creates a warm and friendly atmosphere worth protecting. We believe in a culture where every effort counts and where everyone is being recognized. A culture embracing our core values – passion, simplicity and transparency on all levels, no matter who you are or what you do. We are over 900 employees located in Stockholm, Oslo, Helsinki, Copenhagen and Frankfurt. Visit us on: career.nordnetab.com/pages/engineering Learn more about Nordnet in our brand movie This is Nordnet, that describes our identity. Questions & Applications Please note that we will start reviewing applications after the summer holidays. To ensure a fair process and that your data is handled securely, we only accept applications through our recruitment system, applications sent via email will not be considered. If you have questions, please contact Hiring Manager Ralph Benton at ralph.benton@nordnet.se We want to inform you that Nordnet conducts mandatory credit and background checks, as well as drug testing as a part of our recruitment process. We look forward to receiving your application!