Senior Penetration Tester
You will perform application security assessments including code reviews (Go and Python), design reviews, and manual penetration testing of web applications, services, and infrastructure. You will build and operate AI-assisted tools to increase testing throughput and coverage. You will conduct threat modeling for high-impact systems and articulate risk in terms of business logic and potential customer impact. You will collaborate on bug bounty triage, validate critical vulnerabilities surfaced by automated tools, and contribute to fixes. You will research emerging threats and share insights with the wider security community. You will advocate for security and privacy across engineering and product teams.
Responsibilities
- Perform application security assessments including code reviews (Go and Python), design reviews, and manual penetration testing of web applications, services, and infrastructure.
- Build and operate AI-assisted tools to increase testing throughput and coverage.
- Conduct threat modeling for high-impact systems and articulate security risk in terms of business logic, fraud potential, and customer impact.
- Collaborate on the triage of bug bounty submissions.
- Validate critical vulnerabilities surfaced by automated tools and improve detection coverage through scripting and configuration.
- Work cross-functionally with engineers to mitigate issues, often contributing detection strategies and occasionally direct code fixes via pull requests.
- Research emerging threats, new technologies, and attack techniques to evolve offensive and defensive capabilities of AI/ML systems.
- Publish technical blog posts, speak at industry conferences, or share insights with the wider security community.
- Advocate for security and privacy across engineering and product development teams.
Requirements
- 5+ years of experience in penetration testing, application security, or security engineering.
- Proactive communication and engagement with stakeholders.
- Demonstrated impact using AI tools (models, agentic frameworks, etc.) as force multipliers in security work.
- Proficiency in auditing and exploiting Go and Python services.
- Strong grasp of application security principles, authentication and authorization models, and common vulnerability patterns.
- Experience with vulnerability research, business logic flaws, and application-layer misuse patterns.
- Experience targeting AI/ML systems: prompt injection, tool/agent misuse, context and model exfiltration, and the broader stack (RAG pipelines, MCP servers, agentic frameworks).
- Working knowledge of cryptocurrency and blockchain security: custody and signing flows, wallet and key-management design, on-chain integrations, and misuse patterns specific to digital-asset movement (transfer validation, replay, signature handling, bridge/staking integrations).
- Familiarity with Linux systems, intrusion detection, and common log formats.
- Hands-on experience testing cloud environments (AWS, GCP, or similar) and container orchestration platforms (Docker, Kubernetes).
- Knowledge of network protocols (TCP/IP, DNS) and secure architecture best practices.
- Ability to work independently, structure and execute testing plans, and clearly communicate risk to technical and non-technical stakeholders.
- Comfort collaborating and documenting work asynchronously using tools like Slack, GitHub, and JIRA.
Benefits
- Challenging, high-impact work to grow your career
- Performance-driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
- Best-in-class benefits to fuel your work, including 100% paid health insurance for employees with 90% coverage for dependents
- Lifestyle wallet - a highly flexible benefits spending account for wellness, learning, and more
- Employer-paid life & disability insurance, fertility benefits, and mental health benefits
- Time off to recharge including company holidays, paid time off, sick time, parental leave, and more!
- Exceptional office experience with catered meals, events, and comfortable workspaces.