Sysdig is the secure DevOps company, and we’re at the forefront of the container, Kubernetes, and cloud revolution. We are passionate, technical problem-solvers, continually innovating and delivering powerful solutions to confidently run cloud-native applications. Our consistent contributions to open source software projects reflect our commitment to the open cloud movement.
We value diversity and open dialog to spur ideas, working closely together to achieve our ambitious goals. And we're a great place to work too -- we were awarded the 2021 Bay Area Best Places to Work Award from San Francisco Business Times and the Silicon Valley Business Journal and Inc. We are looking for team members who share our commitment to customers and are willing to dig deeper, understand problems and deliver innovative solutions. Does this sound like the right place for you?
What you will do
Improve Sysdig’s offensive security research efforts in Linux, Cloud, Kubernetes, and OSS. The successful candidate will conduct penetration testing and vulnerability research activities for the Sysdig Threat Research Team.
With the assistance of the Sysdig Threat Research Team, help build a world-class offensive security program. Responsibilities will include identifying subjects to explore, developing processes and tools, and writing up any findings.
Perform vulnerability research and penetration testing on applications and services involved in the cloud ecosystem, such as IAM and authentication systems, code repositories and CI/CD facilities.
Share findings with public sources, including blogs, reports, webinars, and other activities.
What you will bring with you
3+ years of experience as a penetration tester, red teamer, vulnerability researcher, or exploit developer
Experience performing penetration testing on cloud, containers, web applications, and OSS projects
Understanding of application/API vulnerabilities including techniques, mitigations, and exploitation
Strong understanding of Cloud-native ecosystems and architectures, for example, Kubernetes, AWS, Azure, or GCP
Programming experience in C, Python, Go, JavaScript, or other modern languages
Ability to write your own purpose-built tooling to solve unique problems
Experience with penetration testing tools and frameworks, such as Burp Suite, Metasploit, OWASP, Kali Linux, SQLMap, Atomic Red Team, and custom tools.
What we look for
Proven experience in attacking real-world applications or relevant participation in bug bounty programs
Track record of published write-ups or equivalent contributions in offensive security, with strong technical writing ability
Ability to set goals and come up with the process to reach them. The ideal candidate will become a Subject Matter Expert for offensive security at Sysdig
A candidate who is excited about helping to build an offensive capability and who is passionate about finding security vulnerabilities
Why work at Sysdig?
We’re a well-funded startup that already has a large enterprise customer base
We have a pragmatic, approachable culture, from the CEO down
We have an organizational focus on delivering value to customers
Our open-source tools (https://sysdig.com/opensource/) are widely used and loved by technologists & developers
When you join Sysdig, you can expect:
Competitive compensation including equity opportunities
Flexible hours and additional recharge days
Mental wellbeing support through Modern Health for you and your family
Monthly wellness reimbursement
Career growth
Some of our hiring managers are globally distributed, so an English version of your most up-to-date CV will be highly appreciated!