Senior Red Team Penetration Tester
Singapore, Hong Kong, Poznan, London
Network Guard
We’re looking for innovative offensive security practitioners
If you’re passionate about security and privacy, and want to use your skills to help safeguard private, uncensored access for millions of customers, we’d love to speak with you. We provide a highly dynamic working environment where you’ll get to work with some of the best privacy- and security-focused individuals across multiple disciplines, and where room for learning and growth is plentiful. As a senior individual contributor on our Red Team and Penetration Testing team, you’ll have a broad set of responsibilities (the mix will depend on your interests and skill level), including:
- Prepare and execute penetration testing projects and/or red team engagements of our employee IT and production assets, either individually or as part of a team with members across various geographic locations such as Singapore, Hong Kong, Poland and London.
- We operate across a wide range of technologies, from client facing applications written in various languages for various platforms, to backend infrastructure and services, and router firmware. We provide an environment where you’ll be exposed to a wide range of technologies that form the backbone of many tech companies.
- You’ll need a strong white-box testing methodology and the ability to identify bugs in source code to go along with good organization and communication skills when delivering penetration tests of our applications and services.
- Work closely with the engineering teams to provide expert guidance and advice on remediation of identified vulnerabilities
- Create, develop, and implement tactics, techniques, and procedures (TTPs) to be used during red team engagements, which you will also be involved in
- Verify the existence of newly discovered vulnerabilities in our software stack, and develop novel attack vectors based on these
- Manage and support penetration testing services performed by outside vendors, from project inception, scoping, completion of the assessment, and finally, working with engineering teams to have the identified issues remediated
- Bring creative solutions to fruition for solving some of the complex security challenges faced by our organization
- Mentor, guide and support other team members using your strong technical knowledge
We're seeking demonstrated ability to:
- Identify vulnerabilities in web apps and web APIs by means of manual source code review, static code analysis, and/or fuzzing using tooling such as Burp Suite
- Identify vulnerabilities in Windows/Linux/macOS software by means of manual source code reviews, static code analysis, and/or fuzzing using tooling such as AFL
- Perform operating system security assessments and review how they interact with our applications, along with a review of hardening controls applied
- Proactively identify inefficiencies in the team’s workflow, suggest solutions and drive them to completion
- Mentor other team members and share your knowledge and findings with them
- [Optional] Identify vulnerabilities, misconfigurations and deviations from best practices within a cloud computing environment
- [Optional] Identify vulnerabilities, misconfigurations and deviations from best practices within Android and iOS applications
Preference will be given to candidates who possess strong assessment capabilities in any one domain and/or either the cloud or mobile assessment skills listed above.
Good knowledge of:
- Windows, Linux, ChromeOS, and macOS
- Mobile Penetration Testing on Android/iOS
- Implants, shells, Command and Control (C2) infrastructure
- TCP/IP, IDS/IPS, firewalls, WAF, and web content filtering
- Crypto: PGP, SSH, PKI
- AWS environments
- [Optional] Network equipment such as Cisco, Palo Alto, and Juniper
- Vulnerability identification and exploitation at levels up to OSCP, OSCE, OSWE
- Experience writing in languages such as: Python, bash, or Golang
- Experience in manual source code review and vulnerability research, with a preference for those with a strong track record in this area (e.g. CTFs, bug bounty program activity, published CVEs)
- Interested in writing custom tools, wrappers, C2 infrastructure and agents to support internal red team and penetration testing capabilities
Perks/benefits: Career development