We’re looking for innovative offensive security practitioners

Join our security team and help secure our company through security assessments and red teaming. We perform engagements on the internal infrastructure, software and services to ensure we are operating in a secure environment.

Responsibilities

As an individual contributor on our Red Team and Penetration Testing team, you’ll have a broad set of responsibilities including: (the mix will depend on your interests and skill-level)

  • Prepare and execute red team exercises and/or penetration testing projects individually or as part of a team with members across various geographic locations such as Hong Kong and Singapore and remote workers
  • Create, develop, and implement tactics, techniques, and procedures (TTPs)
  • Develop novel attack vectors based on newly discovered vulnerabilities
  • Develop home-grown software solutions and utilities for computer network attack (CNA) and computer network defense (CND)
  • Apply industry standards and best practices including the Penetration Testing Execution Standard (PTES) and the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework
  • Manage penetration testing services performed by outside vendors
  • Perform red teaming of our security measures of both our employee IT and production assets
  • Perform penetration testing of our employee IT and production assets, including our applications and internal production services

Requirements

  • Demonstrated ability to: 
  • Identify vulnerabilities in web apps and web APIs by means of manual source code review, static code analysis, and/or fuzzing using tooling such as Burp Suite
  • Identify vulnerabilities in Windows/Linux/macOS software by means of manual source code reviews, static code analysis, and/or fuzzing such as AFL
  • Perform operating system security assessments, review of hardening controls
  • Advanced experience writing in languages such as: Python, bash, or Golang
  • Interested in writing customs tools, wrappers, C2 infrastructure and agents to support internal red team and penetration testing capabilities
  • Advanced knowledge of:
    • Windows, Linux, ChromeOS, and macOS
    • Implants, shells, Command and Control (C2) infrastructure
    • TCP/IP, IDS/IPS, firewalls, WAF, and web content filtering
    • Crypto: PGP, SSH, PKI
    • Network equipment such as Cisco, Palo Alto, and Juniper
    • AWS environments
    • Vulnerability identification and exploitation at levels up to OSCP Certified Professional

What we offer

  • Challenging work in a fun and collaborative environment
  • Attractive compensation and time-off benefits
  • Spacious open-concept and centrally located offices
  • Full-time employment with flexible working hours
  • Fully stocked pantry with fresh fruit and snacks
  • Team lunches and company events every quarter
  • Multicultural teams represented by 30+ nationalities
  • Reports initially to the Cybersecurity Manager and then to the Lead Red Team/Penetration Tester

Note: Please upload your resume as a PDF and do not include any salary or compensation information in it.

About Us

For more than 11 years, we’ve paved the way towards a more private and secure digital world. We’re a global SaaS company and an industry leader in cybersecurity. Millions of consumers worldwide use our internet privacy and security products every day.

Our team of over 800 employees spans the planet. Team members work from major international hubs like London, Hong Kong, Singapore, Tokyo, Toronto, Taiwan, Poznań, and more.

We’re profitable, and we’re growing. Right now, we’re hiring talent across all functions: software development and engineering, product, data analytics, marketing, content, and people.

We’d love you to join us and be part of the team.