Senior Red Team Penetration Tester
Singapore, Hong Kong, Poznan, Bucharest
ExpressVPNTop-rated VPN for 2022. Private and secure internet access worldwide, on any device. 24/7 support. Try 30 days risk-free.
We’re looking for innovative offensive security practitioners
If you’re passionate about security and privacy, and want to use your skills to help safeguard private, uncensored access for millions of customers, we’d love to speak with you. We provide a highly dynamic working environment where you’ll get to work with some of the best privacy and security focused individuals across multiple disciplines, where room for learning and growth are plentiful. As a senior individual contributor on our Red Team and Penetration Testing team, you’ll have a broad set of responsibilities including: (the mix will depend on your interests and skill-level).
- Prepare and execute penetration testing projects and/or red team engagements of our employee IT and production assets, either individually or as part of a team with members across various geographic locations such as Singapore, Hong Kong, Poland and London.
- We operate across a wide range of technologies, from client facing applications written in various languages for various platforms, to backend infrastructure and services, and router firmware. We provide an environment where you’ll be exposed to a wide range of technologies that form the backbone of many tech companies.
- You’ll need a strong white-box testing methodology and the ability to identify bugs in source code to go along with good organization and communication skills when delivering penetration tests of our applications and services.
- Work closely with the engineering teams to provide expert guidance and advice on remediation of identified vulnerabilities
- Create, develop, and implement tactics, techniques, and procedures (TTPs) to be used during red team engagements, which you will also be involved in
- Verify the existence of newly discovered vulnerabilities in our software stack, and develop novel attack vectors based on these
- Manage and support penetration testing services performed by outside vendors, from project inception, scoping, completion of the assessment, and finally, working with engineering teams to have the identified issues remediated
- Bring creative solutions to fruition for solving some of the complex security challenges faced by our organization
- Mentor, guide and support other team members using your strong technical knowledge
We're seeking demonstrated ability to:
- Identify vulnerabilities in web apps and web APIs by means of manual source code review, static code analysis, and/or fuzzing using tooling such as Burp Suite
- Identify vulnerabilities in Windows/Linux/macOS software by means of manual source code reviews, static code analysis, and/or fuzzing such as AFL
- Perform operating system security assessments and review how they interact with our applications, along with a review of hardening controls applied
- Proactively identify inefficiencies in the team’s workflow, suggest solutions and drive them to completion
- Mentor other team members and share your knowledge and findings with them
- [Optional] Identify vulnerabilities, misconfigurations and deviations from best practices within a cloud computing environment
- [Optional] Identify vulnerabilities, misconfigurations and deviations from best practices within Android and iOS applications
Preference will be given to candidates who possess strong assessment capabilities in any one domain and/or either the cloud or mobile assessment skills listed above.
Good knowledge of:
- Windows, Linux, ChromeOS, and macOS
- Mobile Penetration Testing on Android/iOS
- Implants, shells, Command and Control (C2) infrastructure
- TCP/IP, IDS/IPS, firewalls, WAF, and web content filtering
- Crypto: PGP, SSH, PKI
- AWS environments
- [Optional] Network equipment such as Cisco, Palo Alto, and Juniper
- Vulnerability identification and exploitation at levels up to OSCP, OSCE, OSWE
- Experience writing in languages such as: Python, bash, or Golang
- Experience in manual source code review and vulnerability research, with a preference for those with strong track record in this area (e.g. CTFs, bug bounty program activity, published CVEs)
- Interested in writing customs tools, wrappers, C2 infrastructure and agents to support internal red team and penetration testing capabilities
When it comes to hiring processes, “rigorous” and “opaque” are often mistakenly conflated. For us, it’s always a mutual exchange, so we think it’s important that candidates have a clear understanding of the process and what we’re looking for. Learn more about the hiring process by visiting our careers page.
Health and happiness go hand in hand, and we make every effort to support our team members in all facets of their lives—both inside and outside the office. Learn more about our employee benefits by visiting our careers page.
Before you apply
- At the moment, we do not sponsor visas in the UK and the EU. For Hong Kong, we require at least two years of working experience and a university degree in a related field. For Singapore, we can only sponsor visas for mid-career or above.
- Please upload your resume as a PDF and do not include any salary or compensation information in it.
ExpressVPN is one of the world’s leading providers of online privacy and security services for consumers. Started in 2009, we’ve grown to have millions of active paying customers, a team of more than 700 people worldwide, and a brand recognized by hundreds of millions of people in 18 languages and more than a hundred countries. We see huge growth in our industry, and are gaining market share through strong execution.
* Salary range is an estimate based on our salary survey at salaries.infosec-jobs.com
Tags: Android AWS Bash Burp Suite Cloud Code analysis Crypto Go Golang IDS iOS IPS Linux MacOS Offensive Security OSCE OSCP OSWE Penetration testing PKI Privacy Python Red team Security assessments TCP/IP TTPs Vulnerabilities Windows
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Senior Security Operations Engineer jobs
- Open Penetration Tester jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Application Security Engineer/Architect jobs
- Open Head of Information Security jobs
- Open Senior Security Analyst jobs
- Open Sr. Security Engineer jobs
- Open SOC Analyst jobs
- Open Staff Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Offensive Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Security Researcher jobs
- Open Senior Information Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Cloud Security Operations Lead jobs
- Open Security Consultant jobs
- Open Security Engineer II jobs
- Open Cloud Security Automation Specialist jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Azure Security Engineer jobs
- Open GCP-related jobs
- Open Kubernetes-related jobs
- Open Analytics-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Clearance-related jobs
- Open Audits-related jobs
- Open Agile-related jobs
- Open Threat intelligence-related jobs
- Open PCI-related jobs
- Open OWASP-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open CISM-related jobs
- Open Governance-related jobs
- Open CISA-related jobs
- Open Ruby-related jobs
- Open DevSecOps-related jobs
- Open ISO 27001-related jobs
- Open Open Source-related jobs
- Open Encryption-related jobs
- Open Security assessments-related jobs
- Open GDPR-related jobs