Lead Offensive Security Researcher
Italy (Flexible)
Sysdig, Inc.
Sysdig is driving the standard for securing the cloud and containers. We created Falco, the open standard for cloud-native threat detection, and consistently contribute to open source software projects. We are passionate, technical problem-solvers, continually innovating and delivering powerful solutions to secure the cloud from source to run.
We value diversity and open dialog to spur ideas, working closely together to achieve goals. We’re an international company that understands how to cultivate a strong culture across a remote team. And we're a great place to work too — we've been named a Bay Area Best Place to Work by the San Francisco Business Times and the Silicon Valley Business Journal for three years now! We were recognized by Deloitte as one of the 500 fastest growing organizations in 2020 and 2021. We are looking for team members who have a passion for container and cloud security and are willing to dig deeper to help our customers. Does this sound like the right place for you?
What you will do
- Lead Sysdig’s offensive security research efforts in Linux, Cloud, Kubernetes, and OSS. The successful candidate will lead penetration testing and vulnerability research activities for the Sysdig Threat Research Team.
- With the assistance of the Sysdig Threat Research Team, help build a world-class offensive security program. Responsibilities will include identifying subjects to explore, developing processes and tools, and mentoring junior researchers.
- Perform vulnerability research and penetration testing on applications and services involved in the cloud ecosystem, such as IAM and authentication systems, code repositories and CI/CD facilities.
- Share findings with public sources, including blogs, reports, webinars, and other activities.
What you will bring with you
- 5+ years of experience as a penetration tester, red team, vulnerability researcher, or exploit developer
- Experience performing penetration testing on cloud, containers, web applications, and OSS projects
- Understanding of vulnerabilities including techniques, mitigations, and exploitation
- Strong understanding of Cloud-native ecosystems and architectures, for example, Kubernetes
- Programming experience in C, Python, Go, Javascript, or other modern languages
- Ability to write your own purpose-built tooling to solve unique problems
- Experience with penetration testing tools and frameworks, such as: BURP Suite, Metasploit, OWASP, Kali Linux, SQLMap, Atomic Red Team, and custom tools.
What we look for
- A sense of ownership and drive to create a world class cloud-focused offensive security research program
- Proven experience in attacking real-world applications or relevant participation in bug bounty programs
- Track record of published write-ups or equivalent contributions in offensive security, with strong technical writing ability
- Ability to set goals and come up with the process to reach them. The ideal candidate will be the Subject Matter Expert for offensive security at Sysdig
- A candidate who is excited about building something from the ground up and who is passionate about finding security vulnerabilities
Why work at Sysdig?
- We’re a well-funded startup that already has a large enterprise customer base
- We have a pragmatic, transparent culture, from the CEO down
- We have an organizational focus on delivering value to customers
- Our open source tools (https://sysdig.com/opensource/) are widely used and loved by technologists & developers
When you join Sysdig, you can expect:
- Competitive compensation including equity opportunities
- Flexible hours and additional recharge days
- Mental wellbeing support through Modern Health for you and your family
- Monthly wellness reimbursement
- Career growth
Some of our Hiring Managers are globally distributed, an English version of your most up to date CV will be highly appreciated!
#LI-SM1
#LI-Hybrid
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Burp Suite C CI/CD Cloud Exploit IAM JavaScript Kali Kubernetes Linux Metasploit Offensive security Open Source OWASP Pentesting Python Red team Threat detection Threat Research Vulnerabilities
Perks/benefits: Competitive pay Equity Flex hours Health care Startup environment Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs