Senior Penetration Tester

About The Position

Requirements

• 5+ years of experience in penetration testing, application security, or security engineering.
• Proactive communication and engagement with stakeholders.
• Demonstrated impact using AI tools (models, agentic frameworks, et al) as force multipliers in security work.
• Proficiency in auditing and exploiting Go and Python services.
• Strong grasp of application security principles, authentication and authorization models, and common vulnerability patterns.
• Experience with vulnerability research, business logic flaws, and application-layer misuse patterns.
• Experience targeting AI/ML systems: prompt injection, tool/agent misuse, context and model exfiltration, and the broader stack (RAG pipelines, MCP servers, agentic frameworks).
• Working knowledge of cryptocurrency and blockchain security: custody and signing flows, wallet and key-management design, on-chain integrations, and misuse patterns specific to digital-asset movement (transfer validation, replay, signature handling, bridge/staking integrations).
• Familiarity with Linux systems, intrusion detection, and common log formats.
• Hands-on experience testing cloud environments (AWS, GCP, or similar) and container orchestration platforms (Docker, Kubernetes).
• Knowledge of network protocols (TCP/IP, DNS) and secure architecture best practices.
• Ability to work independently, structure and execute testing plans, and clearly communicate risk to technical and non-technical stakeholders.
• Comfort collaborating and documenting work asynchronously using tools like Slack, GitHub, and JIRA.
• This position is restricted to US citizens or lawful permanent residents due to legal requirements.

Nice To Haves

• Experience in the financial technology (fintech) industry or highly regulated environments.
• Passion for improving security through fixing—not just finding—vulnerabilities.
• Demonstrated history of challenging security assumptions and creatively solving complex problems.

Responsibilities

• Perform application security assessments, including code reviews (primarily Go and Python), design reviews, and manual penetration testing of web applications, services, and infrastructure.
• Build and operate AI-assisted tools (e.g. LLM-based code review, AI-driven fuzzing, agentic recon pipelines) to increase testing throughput and coverage.
• Conduct threat modeling for high-impact systems and articulate security risk in terms of business logic, fraud potential, and customer impact.
• Collaborate on the triage of bug bounty submissions.
• Validate critical vulnerabilities surfaced by automated tools and improve detection coverage through scripting and configuration.
• Work cross-functionally with engineers to mitigate issues, often contributing detection strategies, and occasionally direct code fixes (via pull requests).
• Research emerging threats, new technologies, and attack techniques to evolve offensive and defensive capabilities of AI/ML systems.
• Publish technical blog posts, speak at industry conferences, or share insights with the wider security community.
• Advocate for security and privacy across engineering and product development teams.

Benefits

• Challenging, high-impact work to grow your career
• Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
• Best in class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents
• Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more
• Employer-paid life & disability insurance, fertility benefits, and mental health benefits
• Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!
• Exceptional office experience with catered meals, events, and comfortable workspaces.