Offensive Security Engineer - Vulnerability Management

We’re shaping the future of financial technology at Trendyol.

As Trendyol’s technology teams, we’re not only building for today we’re designing the financial experiences of tomorrow. From payment infrastructure and digital wallets to smart credit systems and personalized financial services, we create solutions that empower millions of users across our ecosystem.

With Trendyol Pay, we enable fast, secure, and seamless payment journeys. Through Trendyol Finance, we develop inclusive and accessible products that simplify financial decisions.

We are united by a shared purpose: To create a positive impact in our ecosystem by enabling commerce through technology.

Follow Trendyol on LinkedIn; Trendyol Tech on Youtube and Medium!

• Enumerate, correlate and track the organization’s attack surface across hybrid infrastructure (cloud, on‑prem, multi‑dc, saas, etc.).
• Detect exposures, misconfigurations, ownerless assets, and control gaps using tools and offensive mindset.
• Collaborate with infrastructure teams to ensure accurate asset inventory, tagging and zone health.
• Apply attacker‑centric prioritization using EPSS, KEV, CVSS contextualization, TI feeds, exploit availability and real world threat actor TTPs.
• Utilize insights to map exposures and likely attack paths.
• Participate in the full Continuous Threat Exposure Management (CTEM) lifecycle (Scoping, Discovery, Prioritization, Validation, Mobilization) design and improve current processes according to organization’s needs and global standards.
• Perform validation through PoC exploitation, manual verification, exploit research, and misconfiguration abuse.
• Support remediation teams by providing actionable, reproducible, business‑aware remediation and mitigation guidance.
• Be aware of regulatory audit and compliances (e.g. ISO 27001, PCI‑DSS, SOX, GDPR, KVKK, etc.) and knowledgeable about the requirements of these processes, supporting organizational needs when necessary within our scope of business.
• Develop automation scripts to enhance discovery, validation and reporting processes.
• Continuous monitoring of global security risks trends to proactively eliminate gaps in our organization.

• Minimum 4 years hands on experience in offensive security, vulnerability management, or exposure management.
• Deep understanding of attacker mindset, how exposures translate into real attack paths.
• Solid experience with vulnerability scanners, attack surface tools, BAS platforms, cloud security, EDR/XDR and SIEM/SOAR.
• Strong grasp of networking, operating systems, identity systems, cloud primitives and security controls.
• Ability to validate and prioritize vulnerabilities manually and perform limited exploitation when needed.
• Experience building dashboards, reports and risk scoring.
• Experience contributing to CTEM framework design or exposure scoring models.
• Fluent in preferred coding language for automation & integration purposes (e.g. python).
• Strong analytical and problem‑solving skills.
• Eagerness on self‑improvement, open‑minded, future‑oriented.
• Excellent communication skills – able to explain technical exposure in business‑impact language.
• Highly collaborative with SOC, Threat Hunting, Red Team, DevOps and IT Ops.
• Good command of written and spoken English.
• Relevant certification(s) in the offensive security field (CEH, OSCP, eCPPT, OSWE, CRTO, etc.).

A hybrid working model with flexibility — a schedule that helps you find the right balance between flexibility and team bonding, including work‑from‑abroad opportunities and a summer working model.

A customizable FlexBenefits budget — Adjust your daily meal allowance, choose your health insurance package (and extend it to your spouse or children), and pick from additional benefits like fuel support or Trendyol shopping credits.

Comprehensive wellbeing support — Take advantage of our extended health package, which includes annual mini health screenings, access to location‑based in‑house doctors, psychologist and dietitian support, and HPV vaccination coverage.

Personalized training allowance and learning opportunities — Use your annual budget for any training or conference of your choice, explore our Learning Management System (LMS) anytime, and join in‑person learning sessions offered throughout the year.

Responsibility from day one — Take full ownership from the start in a culture where every voice is heard and valued.

A diverse, international team — Collaborate with global peers across our offices in Berlin, Amsterdam, Dubai, and beyond, in a startup‑spirited and collaborative environment.

Opportunities to grow with the best — Tackle meaningful challenges, develop through hands‑on experience, and grow with the support of expert guidance and global mentoring.

Meaningful connections beyond tasks — Be part of team rituals, events, and social activities that help us stay connected and inspired.

If this role excites you, apply now and let’s take the next step together.

Want to get to know the team better first? Explore our Career Website, LinkedIn, or YouTube to learn more about #LifeatTrendyol and how we work.