Pioneer of online flash sales since 2001 and key player in European e-commerce Veepee collaborates with over 7000 brands to offer highly discounted products available for a limited time. Operating across various sectors including fashion home wine travel or beauty... Veepee achieved a turnover of 3.3 billion euros incl. VAT in 2024 and employs 5000 staff members across 10 countries.
Organization and team
The cybersecurity team includes Red/Purple/Blue teamers and risk & compliance oriented profiles all working together to fix security weaknesses with innovative solutions adapted to business needs. A Bug Bounty program an authenticated program on our partner-facing platforms an annual external Red Team engagement and recurring compliance assessments keep us honest and our radar sharp.
Our threat detection & incident response runs fully in-house nothing is outsourced: you can touch everything from detection engineering case management and response threat intelligence and the vulnerability lifecycle to the AI agents orchestrated on top of it all. Automation and AI are at the core of everything (who doesnt): agents triage our alerts 24/7 so humans focus on what matters an LLM pipeline audits our code and every confirmed finding feeds a remediation loop with product teams.
Responsibilities
Attack Veepees perimeter the way a real adversary would: red team penetration tests (grey/black/white/AI box) Active Directory attack paths phishing campaigns and the business web based processes themselves (member journeys seller flows payment chains) hunting for logic flaws no scanner will ever find.
Put our risk register and threat intelligence to the test: take a stated risk or an emerging threat and confirm it or refute it with a working attack scenario.
Qualify what comes in from the outside: Bug Bounty reports (public and authenticated programs) and alerts escalated by our RAG agents during the cyber-watching rotation.
Convert every confirmed attack path into something that runs without you: a detection rule a hunting query an automated control. If a bot can do it we automate it.
Build and improve the teams tooling: AI-assisted code audit password auditing secret hunting attack-surface monitoring.
Carry your findings through to remediation: explain the impact to product and infra teams propose the fix track it through our vulnerability-management lifecycle and re-attack to prove its closed.
Share your discoveries with technical and business teams and spread security culture in accordance with day-to-day constraints.
Required skills
The most important thing is motivation! Naturally curious profiles who enjoy proving or disproving that an attack works and who dont consider the job done until its fixed.
Solid offensive skills: web and API penetration testing (OWASP) Active Directory attack techniques and a taste for business-logic abuse beyond the technical stack.
Investigation fundamentals: comfortable digging through EDR logs and network data to reach a verdict and turning attacker behavior into detection logic or solid on the offensive side with a strong will to grow there.
Scripting and automation (Python Bash PowerShell); interest in AI-assisted security tooling (LLM-based code audit agentic workflows) is a strong plus.
You document what you do and make it reproducible.
Strong communication skills: you can convince a product team to fix something they didnt want to hear about.
Experience: 35 years in offensive security detection engineering or a mixed red/blue role.
We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.
Required Experience:
IC
Pioneer of online flash sales since 2001 and key player in European e-commerce Veepee collaborates with over 7000 brands to offer highly discounted products available for a limited time. Operating across various sectors including fashion home wine travel or beauty... Veepee achieved a turnover of 3....
Pioneer of online flash sales since 2001 and key player in European e-commerce Veepee collaborates with over 7000 brands to offer highly discounted products available for a limited time. Operating across various sectors including fashion home wine travel or beauty... Veepee achieved a turnover of 3.3 billion euros incl. VAT in 2024 and employs 5000 staff members across 10 countries.
Organization and team
The cybersecurity team includes Red/Purple/Blue teamers and risk & compliance oriented profiles all working together to fix security weaknesses with innovative solutions adapted to business needs. A Bug Bounty program an authenticated program on our partner-facing platforms an annual external Red Team engagement and recurring compliance assessments keep us honest and our radar sharp.
Our threat detection & incident response runs fully in-house nothing is outsourced: you can touch everything from detection engineering case management and response threat intelligence and the vulnerability lifecycle to the AI agents orchestrated on top of it all. Automation and AI are at the core of everything (who doesnt): agents triage our alerts 24/7 so humans focus on what matters an LLM pipeline audits our code and every confirmed finding feeds a remediation loop with product teams.
Responsibilities
Attack Veepees perimeter the way a real adversary would: red team penetration tests (grey/black/white/AI box) Active Directory attack paths phishing campaigns and the business web based processes themselves (member journeys seller flows payment chains) hunting for logic flaws no scanner will ever find.
Put our risk register and threat intelligence to the test: take a stated risk or an emerging threat and confirm it or refute it with a working attack scenario.
Qualify what comes in from the outside: Bug Bounty reports (public and authenticated programs) and alerts escalated by our RAG agents during the cyber-watching rotation.
Convert every confirmed attack path into something that runs without you: a detection rule a hunting query an automated control. If a bot can do it we automate it.
Build and improve the teams tooling: AI-assisted code audit password auditing secret hunting attack-surface monitoring.
Carry your findings through to remediation: explain the impact to product and infra teams propose the fix track it through our vulnerability-management lifecycle and re-attack to prove its closed.
Share your discoveries with technical and business teams and spread security culture in accordance with day-to-day constraints.
Required skills
The most important thing is motivation! Naturally curious profiles who enjoy proving or disproving that an attack works and who dont consider the job done until its fixed.
Solid offensive skills: web and API penetration testing (OWASP) Active Directory attack techniques and a taste for business-logic abuse beyond the technical stack.
Investigation fundamentals: comfortable digging through EDR logs and network data to reach a verdict and turning attacker behavior into detection logic or solid on the offensive side with a strong will to grow there.
Scripting and automation (Python Bash PowerShell); interest in AI-assisted security tooling (LLM-based code audit agentic workflows) is a strong plus.
You document what you do and make it reproducible.
Strong communication skills: you can convince a product team to fix something they didnt want to hear about.
Experience: 35 years in offensive security detection engineering or a mixed red/blue role.
We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.