About the company
Figment is the world’s leading provider of blockchain infrastructure. We provide the most comprehensive staking solution for our over 200+ institutional clients including exchanges, wallets, foundations, custodians, and large token holders to earn rewards on their crypto assets. These clients rely on Figment’s institutional staking service including rewards optimization, rapid API development, rewards reporting, partner integrations, governance, and slashing protection. Figment is backed by industry experts, financial institutions and our global team across twenty three countries. This all leads to our mission to support the adoption, growth and long term success of the Web3 ecosystem. We are a growth stage technology company – looking for people who are builders and doers. People who are comfortable plotting their course through ambiguity and uncertainty to drive impact and who are excited to work in new ways and empower a generative company culture.
Job Summary
Responsibilities
đź“ŤDocument processes, procedures, and workflows for red team operations. đź“ŤPerform a full range of red team activities including network intrusion, cloud and development pipeline exploitation, web and application testing, source code reviews, threat analysis, and detection evasion techniques. đź“ŤDevelop comprehensive and accurate reports and presentations for both technical and executive audiences. đź“ŤCollaborate with seniors in the security team to enhance the red team strategy and improve the company's security posture. đź“ŤEffectively communicate findings and strategies to stakeholders, including technical staff, executive leadership, and legal counsel. đź“ŤProvide practical and risk-appropriate recommendations to address vulnerabilities. đź“ŤConfigure and safely use attacker tools, tactics, and procedures in Figment environments. đź“ŤEnhance Figment's red teaming processes by developing and improving scripts, infrastructure, tools, and methodologies. đź“ŤOffer recommendations and guidance to enhance the defensive capabilities of the team and its ability to defend the Figment Enterprise. đź“ŤProvide mentoring and training to blue team members and actively participate in cross-team security exercises. đź“ŤProvide technical expertise and support during incident response and assist in creating post-incident action plans.
Qualifications
📍You’ll need to have: 📍Bachelor's degree or four or more years of work experience 📍Experience in cloud-based exploitation or security assessments 📍Experience in network penetration testing and manipulation of network infrastructure. 📍Experience in API and web application assessments. 📍Experience in scripting and automation of simple tasks using Bash, Python, or similar 📍Experience developing, extending, or modifying exploits, shellcode or exploit tools. 📍Experience with container orchestration management tools such as Docker and Kubernetes. 📍Experience with source code review for control flow and security flaws. 📍Experience with red, blue, or purple teaming exercises. 📍Strong knowledge of offensive security and pentesting tooling such as Kali Linux, Burp Suite, Mythic C2, and other open source tools. 📍Strong technical writing.