top 3 scores:
Location flexibility
Hours flexibility
Role modelling
Job Description
Storyblok is the enterprise-ready headless CMS that empowers developers and marketers to bring ideas to market faster. It supports the entire content lifecycle—from creation and management to delivery—streamlining workflows, boosting productivity, and ensuring exceptional performance and accessibility. Storyblok frees you from the pain of legacy CMS platforms and empowers your teams to ship content quickly and build with complete flexibility.
Designed for global scalability and secure collaboration, Storyblok enables teams to deliver seamless, engaging digital experiences at scale. Trusted by leading brands like Oatly, Virgin Media O2, Deliveroo, Renault, and Education First, Storyblok helps businesses of all sizes unlock new opportunities, channels, and markets—delivering a bigger, faster market impact.
WHAT IS IN IT FOR YOU
You will be joining a growing company where you can contribute to many “firsts”. Plus these benefits:
- Monthly remote work stipend (home internet costs, electricity). Home office equipment package right at the start (laptop, keyboard, monitor…)
- Home office equipment upgrade (furniture, ear plugs …) or membership to a local co-working space after your onboarding
- Sick leave benefit, parental leave and 25 days of annual leave plus your local national holidays
- Personal development fund for courses, books, conferences, and material
- VSOP (Virtual Stock Option Plan)
- The annual international team-building trip, quarterly and monthly online get-togethers
- As a fully remote company, with work-life balance at its core, you’ll enjoy flexible schedules
- An international team that loves to have fun at work and works hard together to accomplish shared goals
JOB SUMMARY
This role focuses on various security-related tasks around our day to day product operation such as the execution of threat-led penetration testing, handling of external security findings, execution of red / purple team exercises and penetration testing of external and internal infrastructures, architecture and configuration review, source code review, attack simulation exercises, and cloud infrastructure assessments. The results of these findings should be communicated to the appropriate stakeholders.
Your main responsibilities would be:
- Monitoring for incoming vulnerability reports, testing for viability, categorisation of the findings and making sure they are fixed or properly mitigated.
- Execution of threat-led penetration testing and red / purple team exercises by utilizing well-known and established frameworks such as MITRE ATT&CK and TIBER-EU.
- Set-up and maintain automated testing systems to continuously monitor Storyblok's security posture
- Assist with performing social engineering assessments (email phishing, vishing, physical access attacks) to simulate the theft of passwords, infiltrate systems, and download malware / ransomware to assess the security awareness.
- Perform penetration tests on Storyblok assets, such as external and internal infrastructures and web applications to identify security weaknesses and misconfigurations.
- Perform security configuration assessments for cloud, network, servers and endpoints.
- Prepare reports and present on vulnerabilities and exploitation techniques.
- Coaching and developing team members through sharing of experience and knowledge.
- Keep up to date with the latest penetration testing techniques and the current threat landscape.
- Maintain knowledge about current security standards, systems, and authentication protocols.
- Provide awareness about potential threats and cyber security best practices.
EDUCATION AND EXPERIENCE
- Experience with large scale applications on Amazon AWS
- Experience with Linux, networking protocols, general utilities, and shell scripts
- Fluency in scripting languages like Bash, Ruby, or Python
- Experience with Cloud-native solutions
- Excellent knowledge of offensive security frameworks
- Experience with industry recognized security testing standards, penetration testing methodology and attack simulation tools.
- Working experience preferred related to the execution of red / purple team exercises and / or penetration testing of web and mobile applications, internal and external infrastructure, execution of social engineering assessments.
- Be able to conduct research and development and solve technical problems independently.
- Be a team player with good communication and interpersonal skills.
- Excellent communication skills
MENTAL, PHYSICAL AND ENVIRONMENTAL REQUIREMENTS
Remote (home) work opportunity or funded by Storyblok co-working space
GENERAL TERMS
Storyblok has a commitment to diversity and inclusion. We strive to create a hiring environment in which all people feel they are equally respected and valued, irrespective of gender identity or expression, sexual orientation, ethnicity, age, religion, citizenship or any other characteristic. You can find more information about our privacy policy here.
All communications regarding job opportunities at Storyblok will come from an official Storyblok employee with an email address ending in @storyblok.com. We will never redirect you to another portal or another site that is unrelated to our domain (storyblok.com).
Here is a sneak peek of Storyblok’s Visual Editor
If you need an accommodation for any part of the application process, please email talent.acquisition@storyblok.com
Storyblok is the enterprise-ready headless CMS that empowers developers and marketers to bring ideas to market faster. It supports the entire content lifecycle—from creation and management to delivery—streamlining workflows, boosting productivity, and ensuring exceptional performance and accessibility. Storyblok frees you from the pain of legacy CMS platforms and empowers your teams to ship content quickly and build with complete flexibility.
Designed for global scalability and secure collaboration, Storyblok enables teams to deliver seamless, engaging digital experiences at scale. Trusted by leading brands like Oatly, Virgin Media O2, Deliveroo, Renault, and Education First, Storyblok helps businesses of all sizes unlock new opportunities, channels, and markets—delivering a bigger, faster market impact.
WHAT IS IN IT FOR YOU
You will be joining a growing company where you can contribute to many “firsts”. Plus these benefits:
- Monthly remote work stipend (home internet costs, electricity). Home office equipment package right at the start (laptop, keyboard, monitor…)
- Home office equipment upgrade (furniture, ear plugs …) or membership to a local co-working space after your onboarding
- Sick leave benefit, parental leave and 25 days of annual leave plus your local national holidays
- Personal development fund for courses, books, conferences, and material
- VSOP (Virtual Stock Option Plan)
- The annual international team-building trip, quarterly and monthly online get-togethers
- As a fully remote company, with work-life balance at its core, you’ll enjoy flexible schedules
- An international team that loves to have fun at work and works hard together to accomplish shared goals
JOB SUMMARY
This role focuses on various security-related tasks around our day to day product operation such as the execution of threat-led penetration testing, handling of external security findings, execution of red / purple team exercises and penetration testing of external and internal infrastructures, architecture and configuration review, source code review, attack simulation exercises, and cloud infrastructure assessments. The results of these findings should be communicated to the appropriate stakeholders.
Your main responsibilities would be:
- Monitoring for incoming vulnerability reports, testing for viability, categorisation of the findings and making sure they are fixed or properly mitigated.
- Execution of threat-led penetration testing and red / purple team exercises by utilizing well-known and established frameworks such as MITRE ATT&CK and TIBER-EU.
- Set-up and maintain automated testing systems to continuously monitor Storyblok's security posture
- Assist with performing social engineering assessments (email phishing, vishing, physical access attacks) to simulate the theft of passwords, infiltrate systems, and download malware / ransomware to assess the security awareness.
- Perform penetration tests on Storyblok assets, such as external and internal infrastructures and web applications to identify security weaknesses and misconfigurations.
- Perform security configuration assessments for cloud, network, servers and endpoints.
- Prepare reports and present on vulnerabilities and exploitation techniques.
- Coaching and developing team members through sharing of experience and knowledge.
- Keep up to date with the latest penetration testing techniques and the current threat landscape.
- Maintain knowledge about current security standards, systems, and authentication protocols.
- Provide awareness about potential threats and cyber security best practices.
EDUCATION AND EXPERIENCE
- Experience with large scale applications on Amazon AWS
- Experience with Linux, networking protocols, general utilities, and shell scripts
- Fluency in scripting languages like Bash, Ruby, or Python
- Experience with Cloud-native solutions
- Excellent knowledge of offensive security frameworks
- Experience with industry recognized security testing standards, penetration testing methodology and attack simulation tools.
- Working experience preferred related to the execution of red / purple team exercises and / or penetration testing of web and mobile applications, internal and external infrastructure, execution of social engineering assessments.
- Be able to conduct research and development and solve technical problems independently.
- Be a team player with good communication and interpersonal skills.
- Excellent communication skills
MENTAL, PHYSICAL AND ENVIRONMENTAL REQUIREMENTS
Remote (home) work opportunity or funded by Storyblok co-working space
GENERAL TERMS
Storyblok has a commitment to diversity and inclusion. We strive to create a hiring environment in which all people feel they are equally respected and valued, irrespective of gender identity or expression, sexual orientation, ethnicity, age, religion, citizenship or any other characteristic. You can find more information about our privacy policy here.
All communications regarding job opportunities at Storyblok will come from an official Storyblok employee with an email address ending in @storyblok.com. We will never redirect you to another portal or another site that is unrelated to our domain (storyblok.com).
Here is a sneak peek of Storyblok’s Visual Editor
If you need an accommodation for any part of the application process, please email talent.acquisition@storyblok.com
Company benefits
We asked employees of Storyblok what it's like to work there, and this is what they told us.
Additional employee ratings
(these do not contribute to the FlexScore®)
Working at Storyblok
Company employees
Gender diversity (male:female)
Funding levels
Currently Hiring Countries
Germany
India
Sweden
United Kingdom
United States
Office Locations
Global