Swisscom
Platform Security Engineer
Salary
Job description
Platform Security Engineer
Think like an attacker, build like an engineer, help us find and fix the cracks in our platforms before someone else does.
Your responsibilities
You work in an internal and geographically distributed team with cultural diversity, collaborating closely with platform engineers, DevOps teams and product owners across Swisscom. You play a vital role in our agile environment, not just defending the platform, but actively challenging it.
With your background in offensive security, you bring a hacker's mindset to Swisscom's internal cloud platform. You don't wait for vulnerabilities to be reported, you go looking for them. Through hands-on technical assessments, penetration testing and red team exercises, you identify weaknesses in iAWS, Swisscom's well-architected AWS Landing Zone, and unlike a traditional pen tester who hands over a report and walks away, you stay involved. Where the fix is within your reach, you own it, writing the code, updating the controls and closing the gap yourself.
But this role is more than breaking things. You act as a trusted security advisor to our internal platform and product teams, guiding them on how to build securely from the ground up. For findings that span multiple teams or require broader platform changes, you work alongside our engineers to drive remediation, providing the technical context, the recommended approach and the hands-on support needed to get it done properly.
You help shape the way we approach security across the ICP ART, from improving our engagement with the SOC, to refining our security processes, to ensuring that the platform we offer to all Swisscom internal DevOps teams is not just functional, but genuinely hardened. You collaborate across multiple teams and solution trains within Swisscom, bridging the gap between offensive security expertise and the day-to-day realities of a fast-moving cloud platform. Thanks to you, security is not an afterthought, it's built in.
This role would be excellently suited to someone who has been doing a lot of offensive security work, but would like to branch out to both advisory and engineering positions without losing all the offensive fun!
