About the Role
As a senior member of the Figment Security Management Red Team, you will be responsible for participating and leading the design and execution of campaign-based security testing for Figment, covering multiple types of targets. Successful applicants must be capable of evaluating environments, applications, systems, or processes to discover weaknesses, and subsequently leverage those discoveries into actionable real world attack strategies.
You will utilize knowledge of security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting, and programming to actively test, mentor and lead technical testers and effectively translate highly technical information to internal customers in a way that supports CIS and broader Figment goals. You will support fellow security and platform engineers, and application developers with remediation recommendations and validation of corrective actions.
- Document processes, procedures, and workflows for Red Team operations.
- Perform and lead a full scope of Red Team testing, including network penetration and web application testing, source code reviews, threat analysis, social-engineering testing, and IDS/IPS/HIDS/HIPS evasion techniques.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Work with senior leadership to define the Red Team strategy to further enhance the company’s security posture. Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
- Provide risk-appropriate and pragmatic recommendations to correct vulnerabilities found.
- Configure and safely utilize attacker tools, tactics, and procedures for Figment environments.
- Develop scripts, tools, or methodologies to enhance Figment’s red teaming processes.
- Assist with scoping and leading exercises.
- Drives technical oversight and mentors less experienced staff during penetration and analysis efforts.
- Provides leadership and guidance to advance the defensive capabilities of the team and its subsequent ability to defend the Figment Enterprise.
- Provide mentoring and training to Blue Team members. Lead, develop, and participate in cross team security exercises.
- Conduct assessments for critical and zero-day vulnerabilities and develop mitigation plans when appropriate.
- Provide support and technical expertise to security and platform engineers, application developers in remediation efforts.
- Provide support and technical expertise during incident response and assist with post incident action plan creation.
What we’re looking for...
You’ll need to have:
- Bachelor's degree or four or more years of work experience
- Experience in network penetration testing and manipulation of network infrastructure including thorough understanding of network protocols, data on the wire, and covert channels.
- Experience in web application assessments.
- Experience in email, phone, or physical social-engineering assessments.
- Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby.
- Experience developing, extending, or modifying exploits, shellcode or exploit tools.
- Experience with source code review for control flow and security flaws.
- Experience with Red, Blue, or Purple teaming exercises.
- Strong knowledge of tools used for web application, and network security testing, such as Kali Linux, Metasploit, Burp suite, Core Impact, Cobalt Strike, Nessus, Web Inspect, and Scuba.
- Solid understanding of common hosting environments such a containerization platform (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.
- Strong technical writing.
- Industry certifications such as OSCP/OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN.
Even better if you have:
- A degree in a technical field.
- An implementation level familiarity with all common classes of modern exploitation such as: XSS, XMLi, SQLi, etc.
- Mastery of Unix/Linux/Mac operating systems, including bash and Python.
- Programming skills as well as the ability to read and assess applications written multiple languages, such as JAVA, .NET, C#, or others.
- Solid understanding of public cloud environments including AWS, Azure and Google.
- Understanding of security risks for block chain and crypto.
One of Figment’s core principles is “Making the Invisible Visible” - ensuring transparency and information sharing in all communication. Figment is committed to transparency regarding pay, benefits, and other compensation types for all internal roles as well as all roles being hired for.
Base Salary: The US base salary range for this position is USD $150-190k. The Canadian base salary range for this position is CAD $150-190k. This range reflects base salary only, and does not include additional compensation or benefits. For candidates in other countries, the pay range will be disclosed upon your first interview with Figment (being a globally remote company, the list of salary ranges would simply be too long to note here!). The range displayed reflects the minimum and maximum range for a new hire across all of the US or Canada. A candidate’s specific pay within the range will be determined by various factors including job-related skills, relevant education, and training.
Benefits: All employees of Figment receive the following competitive benefits. For candidates beyond Canada and the US, benefits will be outlined during your first interview with Figment.
- 100% remote-first environment, with co-working spaces in our employee “hubs” across the globe for those who enjoy a hybrid model
- 4 weeks of PTO that kick in day one, with an additional 1 week of flex days
- Extended company-paid health benefits that kick in day one
- Best in class parental leave and flexible arrangements
- A home office stipend to create a space that you enjoy working in
- Monthly Wifi reimbursement
- A yearly Learning & Development budget
- 401K (US) or RRSP match (Canada)
- Stock Options in the company
- Competitive bonus (based on company performance) that is distributed quarterly - we believe that the company’s success should be shared with our employees often
- For roles listed within the Sales Department, there is instead a competitive commissions structure which will be outlined during your first interview with Figment
- In the spirit of being in the Web3 space, a discretionary annual Cryptocurrency bonus
- Annual onsite company gatherings and retreats to inspire team bonding, collaboration, and fun!
- A culture of honesty, professionalism and risk taking in a high-growth environment