About the Role

What you’ll be doing:

• Conduct internal penetration testing engagements on web and mobile applications and services.
• Document and report findings from security assessments and pentests.
• Collaborate with engineering teams to prioritize and remediate known vulnerabilities.
• Participate in the triage and validation of bug bounty submissions.
• Contribute to the development of security tools and automation.
• Contribute to the development and improvement of security testing methodologies.
• Provide on-call support for product security incidents.
• Participate in red team activities to identify weaknesses in security controls, as well as network and application-level security boundaries.

What we look for in you:

• A Bachelor’s degree in Computer Science, Computer Engineering, or a related field.
• Relevant security certifications (e.g., OSCP, GPEN).
• Experience in programming languages such as Go, JavaScript, Python or Ruby.
• Knowledge of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25)
• Excellent communication skills to effectively communicate with researchers and internal teams.
• Ability to work independently and take ownership of deliverables.

Nice to haves:

• Experience performing red team activities of company products and services.
• Experience pentesting AI products and features.
• Experience in Web3 security, network security and/or cloud security.