This is tiko Energy Solutions – a company part of the ENGIE Group
The tiko platform brings customers the power of a Virtual Power Plant and an award-winning Smart Home Energy Management system designed to connect Residential and SME assets. With its active VPP deployments, tiko is one of the biggest real-time Smart Grids in the world.
Our customizable, future-proof technology has the life-expectancy of a Physical Power Plant and enables the delivery of the full spectrum of energy services, including the most sophisticated.
Self-driven and open to feedback, our dynamic and multicultural start-up culture will provide you with the perfect opportunity to do excellent work, while you contribute to increasing the presence of our innovative energy management solutions worldwide.
Why it’s great to work at tiko:
17 nationalities on 2 campuses at the center of lively cities: Zürich and Milan, and a common language: English. A company where we all know each other and where your opinion matters – really!
We value our work-life balance
Offices in the center of the city, noise cancelling headphones, travelling time considered as working time in trains, flexible hours and home office whenever you need: we offer a flexible workplace.
A kitchen to enjoy our meals together in the office in Zürich, and an attractive shared space in Milan, cake at least once a month, numerous team events, barbecues in the summer and fondues in winter on our rooftop in Zürich… We love spending time together.
Level of employment:
Part of the QA & Cyber Security team you will help to strengthen the security of our Cloud infrastructure. You will be responsible for ensuring tiko’s frontend, cloud application, API, container, orchestration and backend security with a Red/Purple team mindset. You understand modern cloud architectures, latest tools and DevSecOps best practices, and can work fluently with DevOps teams and CI/CD pipelines. You suggest and communicate improvements into our security posture based on your findings.
- You have a BSc in Computer Science, IT or equivalent proven work experience. Minimum work experience requirement in similar position is 5 years.
- You have good communication skills with different levels of stakeholders. You are also able to clearly and understandably present and document your work for different audiences.
- You understand different security compliance frameworks and how to apply them in a pragmatic way to gain the best value for organization.
- You are aware of the latest attacker TTPs and Threat Intel globally and have also the ability to think like an attacker. You like to innovate and suggest new and more efficient ways to automate and integrate security testing into DevOps processes.
- You are familiar with e.g. OWASP guidelines and open-source pentesting tools.
- You know how to integrate Cyber Security into the Infrastructure as Code-tools, Ansible, Kubernetes, Docker configurations, and automate security testing and auditing of those. You also know how to gain visibility (network, servers, applications) in the cloud environments, using tools like ELK-stack, VPC Flows and vulnerability monitoring tools.
- You consult our developers in Secure Software Development (SDLC) best practices, based on your previous experience in software development.
- You are open-minded and thrive for continuous improvement and smarter ways of achieving the goals set.
- You are also able to learn new techniques, tools and skills on the fly and under pressure, while still keeping calm and focused on the task at hand.
- You have a geeky mindset and hands-on tinkering attitude, and a passion for everything with ones and zeros.
- You preferably hold at least two or more relevant internationally recognized certifications from e.g.: GIAC, OSCP/E, ISC2, CEH, AWS, CCSK, ISACA, Linux Foundation
- Fluent English (written and spoken) mandatory, French, German or Italian an advantage.
- Valid working permit in EU.
Information Technology & Energy Services