Senior Offensive Security Engineer
100% Remote (UK/EU*)
Applications have closed
Form3
Form3 are revolutionising the way payments work from channel to payment scheme. We have developed an enterprise-grade, managed, payment technology platform that integrates across multiple payment schemes, and connects into your payment systems...THE ROLE
We are expanding the Offensive Security Engineering team, meaning that there are many skill-sets and experiences required. Your place within the team will depend on your individual strengths and interests. To give you an idea of some of the areas that of expertise we are looking for an experienced Red Team Operator with a particular specialty in *nix and cloud environments.
Primary focus of this role will be to perform hands on offensive activities as part of Red Team engagements against Form3 endpoints, API and cloud assets. Some of the key projects/ workloads our team take on:
- Developing proof of concept exploits, C2 implants and profiles.
- Creating offensive security tools and implementing them to enhance our specific offensive security capabilities.
- Testing Kubernetes and cloud-native (AWS, GCP and Azure) distributed system architecture.
WHAT WE'RE LOOKING FOR
- Ability to analyse vulnerabilities, threats, procedures and architectural design, develop TTPs, produce reports and share intelligence.
- Three years minimal of offensive security experience in cloud-based environments (Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) in both private and public (AWS, GCP, Azure) environments) and in one or more of the following verticals: network penetration testing, application (web, mobile) penetration testing, Red Team operations, application security assessments, and network exploitation operations.
- Candidate should have the ability to perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities with no or minimal use of automated tools.
- Strong understanding of the following: Windows/Linux/Unix/Mac operating systems; OS and software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation, and post exploitation (e.g. Mythic C2, Metasploit, Burp Suite); networking fundamentals (all OSI layers, protocols); Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers in both private and public (AWS, GCP, Azure) environments; DevOps; CI/CD pipeline, incident response; threat hunting; and familiarity with interpreting log output from networking devices, operating systems, and infrastructure services.
- Strong programming skills, we are flexible on languages, we use Go as our main language for production so a willingness or interest to learn Go is fundamental. In security we write our own scripts for automation in Go, Python and other languages while contributing to open-source tools so we can utilise them.
- Technical knowledge or experience developing proof of concept exploits and in house scripting, using interpreted languages such as Python, Ruby, or Perl, compiled languages such as Golang, Rust, C/C++, Swift, Objective-C or Java, and security tools or technology such as Firewalls, IDS/IPS, Web Proxies, DLP and the ability to articulate and visually present complex penetration testing and Red Team results is highly desirable.
- Familiarity with macOS, Linux, containerisation and microservices architecture security concepts is also crucial to being successful in this role.
- Knowledge of Kubernetes, securing clusters and meshes (Cilium is preferable), networking best practices and RBAC implementation (CKA, CKS qualifications are a plus).
- Container security knowledge including container image provenance (Sigstore and Notary as examples) with an in-depth knowledge of container runtimes/ Docker, the security controls and best practice that surround microservice architectures.
- 30 days holidays plus public holidays
- 100% remote work
- Flexible working arrangements
- Statutory benefits
- Health & wellness allowance
- Remote working equipment allowance
- Primary caregiver leave
- Learning days, Udemy and educational reimbursement etc.
- Mental Health support via Spill
- Perlego subscription
- Full details available on our careers page
We are able to accept applications from the following countries; Belgium, Czech Republic, France, Germany, Greece, Hungary, Ireland, Netherlands, Spain, Poland, Portugal, Romania & United Kingdom. ABOUT US We are an award-winning cloud-native payment technology provider for financially regulated institutions. Launched in 2016, we've doubled in size year on year as we continue to redefine what a truly instant payment experience means.We celebrate diversity, promote entrepreneurialism and are committed to giving everyone a say in shaping our business. Here you will grow as a person and accomplish incredible things. A career at Form3 is empowering, inspiring and fun. Join us and help shape the future of payments.
OUR DEI&B COMMITMENT
We hire talented people from a variety of backgrounds and experiences and are committed to a work environment based on diversity, open-mindedness and curiosity. We’re united by our company values (we even created them together!) and we celebrate our unique differences.
Our employee lifecycle processes are designed to embrace equal opportunity and prevent discrimination against our people regardless of personal characteristics. It is our strong belief that the more inclusive and belonging we are as a business, the better our work will be.
As an inclusive employer, we guarantee to interview all neurodiverse and physically disabled applicants who meet the minimum criteria for this role. We also encourage candidates to notify us of any reasonable adjustments that may be required during the recruitment process. This includes providing job adverts in alternative, accessible formats or adjustments required at interview stage.
If you consider yourself to be neurodiverse or physically disabled under the UN definition of disability and would like to be considered under this scheme and/or require any reasonable adjustments please let us know by sending an email to careers@form3.tech clearly stating your consent for us to process this data.
For more information please refer to our Recruitment Data Policy.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security Automation AWS Azure Burp Suite C CI/CD Cloud DevOps Docker Exploits Firewalls GCP Golang IaaS IDS Incident response IPS Java Kubernetes Linux MacOS Metasploit Microservices Offensive security PaaS Pentesting Perl Python Red team Ruby Rust Scripting Security assessment TTPs UNIX Vulnerabilities Windows
Perks/benefits: Career development Flex hours Health care Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs