BESTSECRET is the leading European online destination for premium and luxury off-price fashion. The Group offers its members in 28 countries across Europe a superior brand portfolio complemented by a high-end shopping experience. At the same time, BESTSECRET enables its brand partners to clear overstock at scale with minimum visibility and maximum brand equity protection. The unique business model is based on its closed character with an invitation-only customer membership, longstanding brand partner and customer relationships, combined with a tech-focused mindset. BESTSECRET has a strong track record of profitable growth over many years. It generated revenues of EUR 1,533.7 million in 2025 and employs around 2,200 people from over 90 nations. The Group draws on a heritage of 100 years in the textile and fashion industry and today is owned by Permira Funds and the founding families Schustermann and Borenstein.
BESTSECRET is the leading European online destination for premium and luxury off-price fashion. The Group offers its members in 28 countries across Europe a superior brand portfolio complemented by a high-end shopping experience. At the same time, BESTSECRET enables its brand partners to clear overstock at scale with minimum visibility and maximum brand equity protection. The unique business model is based on its closed character with an invitation-only customer membership, longstanding brand partner and customer relationships, combined with a tech-focused mindset. BESTSECRET has a strong track record of profitable growth over many years. It generated revenues of EUR 1,533.7 million in 2025 and employs around 2,200 people from over 90 nations. The Group draws on a heritage of 100 years in the textile and fashion industry and today is owned by Permira Funds and the founding families Schustermann and Borenstein.
We are looking for a Senior Application Security Specialist / Penetration Tester (all genders) to strengthen our internal security testing capabilities. In this role, you will work hands-on across penetration testing, application security assessments, targeted code reviews, and security consulting for development teams.
The scope covers modern environments including web applications, APIs, mobile apps, Java backend systems, microservices, Azure, Kubernetes, CI/CD pipelines, and AI-assisted development workflows.
The goal is to identify and prevent vulnerabilities early, improve secure engineering practices, and enable fast and secure delivery—without introducing unnecessary bureaucracy or acting as a release gate.
Your Qualifications
-
Proven hands-on penetration testing experience across web applications, APIs, mobile apps, backend services, and cloud-native environments
-
Strong application security expertise beyond common frameworks, including business logic flaws, access control issues, SSRF, injection, and privilege escalation
-
Practical experience in securing Java applications, ideally with Spring / Spring Boot
-
Experience in testing microservices and distributed systems, including API gateways, identity propagation, and secrets management
-
Solid understanding of cloud-native platforms (Azure, Kubernetes, containers, infrastructure as code) and CI/CD security controls (SAST, DAST, SCA, etc.)
-
Ability to review source code and communicate findings clearly with pragmatic, risk-based remediation guidance
Your Profile
-
Hands-on, attacker-oriented mindset with a focus on identifying complex vulnerabilities
-
Strong ability to assess real-world exploitability and business impact
-
Clear and structured communication skills when working with developers and stakeholders
-
Pragmatic, solution-oriented approach without introducing unnecessary process overhead
-
Interest in modern development practices, including AI-assisted coding and related security risks
-
Continuous learning mindset with awareness of emerging threats, tools, and techniques in application and cloud security
#LI-MT1; #LI-HybridMalaga
At BESTSECRET, diversity isn't just a trend – it's our professional philosophy. We are dedicated to cultivating an inclusive workplace where everyone's unique talents and backgrounds are celebrated. Applicants from all backgrounds, experiences and perspectives are welcome to join us in our mission towards a more vibrant and inclusive future.
At BESTSECRET, diversity isn't just a trend – it's our professional philosophy. We are dedicated to cultivating an inclusive workplace where everyone's unique talents and backgrounds are celebrated. Applicants from all backgrounds, experiences and perspectives are welcome to join us in our mission towards a more vibrant and inclusive future.