Summary
Join Jane's Cybersecurity team as a Security Engineer, Red Team, contributing to red team activities, bug bounty program support, and fostering security awareness. This remote-first role offers growth in offensive security within a supportive and inclusive environment. You will perform penetration testing, vulnerability assessments, and assist in improving Jane's bug bounty program. The role requires collaboration with various teams and staying current on offensive security trends. Jane offers a competitive salary range of $95,100 to $142,600 annually, with a target starting salary of $118,800, and emphasizes growth-based compensation.
Requirements
- Educational background in computer science, information security, or a related field, or equivalent experience
- Two (2) to three (3) years of experience in penetration testing, vulnerability assessments, or security research
- Experience in web application and API penetration testing, with the ability to discover and exploit vulnerabilities such as business logic flaws, broken access control, injection (e.g., SQL Injection, XSS, SSRF), and broken authentication
- Familiarity with penetration testing tools like Burp Suite, Metasploit, and Kali Linux
- Foundational knowledge of Web Security Testing Guide (WSTG), ASVS, OWASP Top Ten, MITRE ATT&CK framework, and secure coding practices
- Strong interpersonal skills, including active listening and the ability to empathize with diverse stakeholders. You communicate findings with clarity and care, tailoring your approach to meet the needs of technical and non-technical audiences alike
Responsibilities
- Perform penetration testing and vulnerability assessments on Jane's systems, applications, and infrastructure under the guidance of senior team members, helping to identify and mitigate security risks while working collaboratively with stakeholders
- Assist in the operation and improvement of Jane's bug bounty program by validating reported vulnerabilities, reproducing exploit scenarios, and engaging empathetically with external researchers to foster trust and partnership
- Execute red team activities such as phishing simulations, lateral movement scenarios, and application security testing, maintaining a balance between technical rigor and organizational empathy
- Help develop and refine security testing tools and processes, including automating repetitive tasks and integrating tools into workflows, while collaborating effectively with cross-functional teams
- Build strong relationships with software development, IT, and other teams to champion security initiatives and foster a shared sense of responsibility for maintaining a secure platform
- Contribute to incident response efforts by providing insights on potential attack vectors and assisting in post-incident reviews with a focus on growth and improvement
- Stay current on offensive security trends, tools, and tactics, sharing knowledge openly with colleagues to enhance team capabilities and cultivate a learning-oriented culture
Preferred Qualifications
- Experience with scripting languages (e.g., Python, Bash)
- Certifications like OSCP, CEH, Burp Suite Certified Practitioner (BSCP) or equivalent
Benefits
- Minimum annual salary of $95,100 and maximum annual salary of $142,600
- Target starting salary of $118,800
- Growth-based compensation
- Remote-first company, work from anywhere in Canada