Offensive Security Researcher
Sysdig is the secure DevOps company, and we’re at the forefront of the container, Kubernetes, and cloud revolution. We are passionate, technical problem-solvers, continually innovating and delivering powerful solutions to confidently run cloud-native applications. Our consistent contributions to open source software projects reflect our commitment to the open cloud movement.
We value diversity and open dialog to spur ideas, working closely together to achieve our ambitious goals. And we're a great place to work too -- we were awarded the 2021 Bay Area Best Places to Work Award from San Francisco Business Times and the Silicon Valley Business Journal and Inc. We are looking for team members who share our commitment to customers and are willing to dig deeper, understand problems and deliver innovative solutions. Does this sound like the right place for you?
What you will do
- Improve Sysdig’s offensive security research efforts in Linux, Cloud, Kubernetes, and OSS. The successful candidate will conduct penetration testing and vulnerability research activities for the Sysdig Threat Research Team.
- With the assistance of the Sysdig Threat Research Team, help build a world-class offensive security program. Responsibilities will include identifying subjects to explore, developing processes and tools, and writing up any findings.
- Perform vulnerability research and penetration testing on applications and services involved in the cloud ecosystem, such as IAM and authentication systems, code repositories and CI/CD facilities.
- Share findings with public sources, including blogs, reports, webinars, and other activities.
What you will bring with you
- 3+ years of experience as a penetration tester, red team, vulnerability researcher, or exploit developer
- Experience performing penetration testing on cloud, containers, web applications, and OSS projects
- Understanding of application/API vulnerabilities including techniques, mitigations, and exploitation
- Strong understanding of Cloud-native ecosystems and architectures, for example, Kubernetes, AWS, Azure, or GCP
- Programming experience in C, Python, Go, Javascript, or other modern languages
- Ability to write your own purpose-built tooling to solve unique problems
- Experience with penetration testing tools and frameworks, such as: BURP Suite, Metasploit, OWASP, Kali Linux, SQLMap, Atomic Red Team, and custom tools.
What we look for
- Proven experience in attacking real-world applications or relevant participation in bug bounty programs
- Track record of published write-ups or equivalent contributions in offensive security, with strong technical writing ability
- Ability to set goals and come up with the process to reach them. The ideal candidate will become a Subject Matter Expert for offensive security at Sysdig
- A candidate who is excited about helping to build an offensive capability and who is passionate about finding security vulnerabilities
Why work at Sysdig?
- We’re a well-funded startup that already has a large enterprise customer base
- We have a pragmatic, approachable culture, from the CEO down
- We have an organizational focus on delivering value to customers
- Our open-source tools (https://sysdig.com/opensource/) are widely used and loved by technologists & developers
When you join Sysdig, you can expect:
- Competitive compensation including equity opportunities
- Flexible hours and additional recharge days
- Mental wellbeing support through Modern Health for you and your family
- Monthly wellness reimbursement
- Career growth
#LI-LP1
#LI-Hybrid