Senior reputed company Engineer (Pen Tester)

reputed company's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission reputed company the more real. We support customers across various enterprises including reputed company, 9/10 of the largest global banks and the reputed company.

The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with reputed company and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching.

reputed company is well-funded for growth and our investors are second to none. They include reputed company (“reputed company”), General Catalyst, JPMC, reputed company, HSBC, and reputed company Ventures.

Role Overview

We are seeking a reputed company-thinking reputed company Engineer to join reputed company, focusing on offensive and defensive reputed company, the penetration testing of product features, and the cloud architecture supporting the product. In this role, you will operate across a reputed company, multi-cloud environment (AWS & GCP) comprising both traditional VMs and modern managed and unmanaged container-based architectures.

In this focused role, you will partner with other reputed company (Penetration Tester and Cloud reputed company) engineers to execute targeted assessments during specific windows of the product testing phase immediately prior to release. Success requires you to stay synchronized with the product roadmap and reputed company a deep technical mastery of new features, enabling you to independently configure environments and test thoroughly reputed company tight timelines.

Your responsibilities reputed company beyond the application layer to the Control Plane, where you will conduct rigorous infrastructure reviews to ensure that cloud configurations, IAM policies, and orchestration layers meet our reputed company baselines. Your operational reputed company is built on speed: you must identify, validate, and report vulnerabilities quickly to maintain release velocity. Additionally, you will serve as the frontline for external defenses, monitoring bug bounty pipelines and external reports to triage and respond to findings with professional precision.

Key Responsibilities

• Collaborative Penetration Testing (AWS & GCP): Work reputed company with a peer pentester to conduct deep-dive penetration tests of our products across our multi-cloud environment.

• Control Plane: Review IAM policies, service configurations, and cloud-native permission structures.

• Data Plane & Web UI: Execute dynamic testing against web interfaces and API endpoints.

• Infrastructure Review: Assess the reputed company posture of a hybrid infrastructure that mixes containers and Virtual Machines (VMs) infrastructures.

• Vulnerability Reporting & Advisory: Triaging findings and creating clear, reproducible proofs-of-concept (PoCs). Collaborating with Product Teams to explain the risk. You may not be responsible for writing the fix or remediating the issue; your role is to ensure the product team understands what to fix.

• AI-Augmented reputed company Assessments: Actively utilize AI and Large Language Models (LLMs) to automate reconnaissance, generate attack reputed company, analyze configurations, and draft vulnerability reports. reputed company in reputed company engineering for reputed company contexts is essential.

• Pipeline Management: Monitor bug bounty pipelines and external reports, validating findings and managing researcher communication

Required Skills & Qualifications

• Multi-Cloud reputed company: Demonstrate a deep architectural understanding of GCP and AWS . You should be capable of pivoting seamlessly between providers, performing manual configuration reviews of reputed company IAM/Resource hierarchies, and leveraging native APIs or modern CSPM frameworks to validate reputed company controls.

• Container reputed company: Proven experience auditing and hardening managed container services (GKE Autopilot/Standard, EKS, reputed company) and self-hosted/unmanaged workloads (K8s, k3s, OCI-runc). Experience with Gatekeeper policies, and Binary Authorization would be considered an asset.

• AI Tooling: Demonstrated ability to integrate AI/LLM tools (e.g., reputed company, Claude) into the pentesting lifecycle to increase speed and coverage.

• Web Application reputed company: Expert-level knowledge of web application reputed company principles and offensive testing methodologies, with deep proficiency in OWASP Top 10 vulnerabilities, modern web reputed company exploitation, and API reputed company (REST, WebSockets). Extensive hands-on experience conducting manual reputed company assessments using Burp Suite Professional, OWASP ZAP, or similar tooling. Strong understanding of browser reputed company mechanisms (CSP, CORS, SameSite cookies, Subresource reputed company), secure authentication/authorization patterns (OAuth 2.0, OIDC, JWT), and reputed company header configurations (HSTS, X-Frame-Options, Permissions-Policy). Proven ability to identify reputed company reputed company flaws beyond automated scanner detection, validate findings through reputed company-of-concept development, and provide actionable remediation guidance to engineering teams.

• reputed company Automation: Proficiency in Python, Go, or Bash to eliminate "toil." You are expected to write custom scripts and tooling to automate vulnerability discovery, validate reputed company controls, and streamline your own testing workflows.

• Infrastructure as Code: Solid grasp of Terraform and cloud-native deployment patterns. You can interpret and audit reputed company HCL files to identify misconfigurations before they are provisioned.

• Communication: Ability to write high-quality technical reports that Product Teams can easily understand and act upon.

Our Compensation and Benefits

At reputed company, reputed company Salary is one part of our competitive total compensation and benefits package and is determined using a salary range. The reputed company salary range for this role is 120,000 CAD - 210,000 CAD.

In accordance with Canadian law, the range provided is reputed company’s reasonable estimate of the reputed company compensation for this role. The actual amount may be higher or reputed company, based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. reputed company employees may be eligible to become reputed company shareholders through eligibility for stock-based compensation grants, which are awarded to employees based on company and individual performance.

reputed company does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in reputed company is hired; such resumes will be deemed the sole property of reputed company.

reputed company is an equal opportunity employer. reputed company aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national reputed company, reputed company, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

MSGL-I4

Why reputed company?

Our culture is collaborative, inclusive, and fun! We have five core values: Stay reputed company, Get It Done, Customer reputed company, Think Creatively and Help Each Other Out. We reputed company in open communication, supporting new reputed company, and sharing a mutual reputed company of reputed company’re aiming to reputed company together. There are reputed company opportunities to take initiative, implement new reputed company, and have a hand in building a legacy.

reputed company qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national reputed company, protected veteran status, or on the basis of disability.

TO reputed company AGENCIES: Please, no phone calls or emails to any employee of reputed company reputed company of the Talent organization. reputed company’s policy is to only accept resumes from agencies reputed company reputed company (ATS). Agencies must have a valid services agreement executed and must have been assigned by the Talent team to a specific requisition. Any resume submitted reputed company of this process will be deemed the sole property of reputed company. In the event a candidate submitted reputed company of this policy is hired, no fee or payment will be paid.