Were looking for a Pentest Product Associate to join our Product team and help expand the power of our company.
In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent while simultaneously innovating detection mechanisms for cloud-native technologies.
You will bridge the gap between automated AI testing and cloud infrastructure, defining the "rules of engagement" for our agents to ensure they effectively simulate sophisticated attacks and accurately classify the modern attack surface.
WHAT YOULL DO
Engineer Detection & Attack Logic: Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
Validate Complex Findings: Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
Research Novel Threats: Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the company DAST engine.
Drive Product Evolution: Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning our company as the market leader in vulnerability management.
In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent while simultaneously innovating detection mechanisms for cloud-native technologies.
You will bridge the gap between automated AI testing and cloud infrastructure, defining the "rules of engagement" for our agents to ensure they effectively simulate sophisticated attacks and accurately classify the modern attack surface.
WHAT YOULL DO
Engineer Detection & Attack Logic: Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.
Validate Complex Findings: Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.
Research Novel Threats: Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the company DAST engine.
Drive Product Evolution: Collaborate directly with Research, Backend, and R&D teams to turn operational insights into feature requests, positioning our company as the market leader in vulnerability management.
Requirements:
1+ years of hands-on experience in AppSec or penetration testing, including proficiency with enterprise tools like Burp Suite, OWASP ZAP, or Acunetix.
Solid knowledge of networking concepts, the OSI model, and cloud infrastructure (AWS, Azure, or GCP).
Hands-on experience with Linux, Windows, Docker, Kubernetes, and a strong command of web protocols (HTTP/S, REST, GraphQL) and auth mechanisms (OAuth, SAML).
Proficiency in scripting languages such as Python, Bash, or Go to automate security tasks and interact directly with the codebase.
An analytical mindset with the ability to diagnose complex logs and scans to distinguish between tool failures, configuration issues, and valid security findings.
Self-motivated with the ability to work collaboratively and communicate high-stakes security concepts effectively across teams.
BONUS POINTS
Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context.
SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures.
A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls.
1+ years of hands-on experience in AppSec or penetration testing, including proficiency with enterprise tools like Burp Suite, OWASP ZAP, or Acunetix.
Solid knowledge of networking concepts, the OSI model, and cloud infrastructure (AWS, Azure, or GCP).
Hands-on experience with Linux, Windows, Docker, Kubernetes, and a strong command of web protocols (HTTP/S, REST, GraphQL) and auth mechanisms (OAuth, SAML).
Proficiency in scripting languages such as Python, Bash, or Go to automate security tasks and interact directly with the codebase.
An analytical mindset with the ability to diagnose complex logs and scans to distinguish between tool failures, configuration issues, and valid security findings.
Self-motivated with the ability to work collaboratively and communicate high-stakes security concepts effectively across teams.
BONUS POINTS
Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context.
SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures.
A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls.
This position is open to all candidates.
