Security Engineer

Who we are?

It’s time to turn on bright mode. Let’s meet!

We are a software company that produces niche technologies with an innovative, dynamic, and added-value understanding to the leading companies in its field, serving in different sectors in Turkey and abroad. For starters, the first thing you should know is that Crs is an umbrella organization. Our e-transformation brand, e-dünya, offers digital solutions on a single platform. Our game brand Corvus Jay provides players of all ages and backgrounds with captivating, humorous, and artistic games that transcend the ordinary and deliver unforgettable experiences with its open-minded, humorous, creative, and vibrant world of pop art. We are excited to expand our investment areas and the sectors we are involved in. Our focus is on innovative research, exploring Big Data Processing, AI, machine learning, and game development. As one of the top 500 IT companies in Turkey, we are one of the fastest-growing technology companies selected by Deloitte Turkey for the 6th time in a row. Our route is always the same, the future!

Job Description

• As a Security Engineer, you will be our internal "ethical hacker." Your mission is to find vulnerabilities before the bad guys do and help us build bulletproof technologies.

You will:

• Execute end-to-end penetration tests on web applications, mobile apps (iOS/Android), and network infrastructure.
• Conduct regular vulnerability assessments and security scans using both automated tools and manual techniques.
• Review source code (SAST/DAST) to identify security flaws in early development stages (C#, JavaScript, etc.).
• Develop and implement exploit proofs to demonstrate the impact of discovered vulnerabilities.
• Evaluate detection capabilities by validating security alerts through simulated attack scenarios.
• Collaborate with developers to provide clear, actionable remediation guidance and verify fixes.
• Automate security testing by integrating tools into our CI/CD pipelines (DevSecOps).
• Stay ahead of the curve by researching the latest threats, zero-day vulnerabilities, and bypass techniques.
• Draft detailed technical reports for both technical teams and management, outlining risks and mitigation strategies.

Experience & Skills

• BS degree in Computer Engineering, Cyber Security, or a related field.
• Experience in Penetration Testing and Vulnerability Management.
• Expertise with offensive security tools: Burp Suite Professional, Metasploit, Nmap, Nessus, SQLmap, and Kali Linux.
• Deep understanding of OWASP Top 10 and SANS Top 25 vulnerabilities.
• Hands-on experience with network security (Firewalls, IDS/IPS, WAF, VPNs).
• Scripting skills (Python, Bash, or PowerShell) to develop custom exploits or automation scripts.
• Familiarity with Cloud Security (Azure/AWS) and container security (Docker, Kubernetes) from an offensive perspective.
• Relevant certifications (e.g., OSCP, eJPT, or GPEN) are a huge plus.
• Strong analytical thinking and a "hacker mindset" — the ability to think outside the box.
• Good command of English to follow global security trends and documentation.

Perks & Benefits

• Buffet breakfast in the office every morning
• Comprehensive private health insurance package
• Meal card & commute compensation,
• Lots of events and celebrations (check out @crssoft on Instagram)
• Education fund to support learning and development opportunities
• Paid birthday off to spend time with your loved ones
• A gift book on your birthday
• All the technical equipment and licenses you need
• Interviews and Q&A sessions with experts
• Marriage leave (5 days)
• No dress code!

Join Us

Work hard play hard.😊 At Crs Soft, we benefit from the power of technology and science, and we achieve the best with our creative and innovative team. Lifelong learning, open-mindedness and leadership are part of our culture. We celebrate all our achievements and special moments together, and we know how to have fun.