Offensive Security Engineer (penetration testing)

Short facts about us:

• We are a global remote-first team of 80+ people on 2 continents and in 7 time zones.
• We have been protecting our clients since 2014.
• The company has raised over $10M in investments.
• More than 200 customers around the world, including Fortune 500, Nasdaq, and high-growth startups choose Wallarm to protect their API and web applications.
• The company passed Y Combinator, the most prestigious incubator in Silicon Valley, from which Dropbox, Stripe, Docker, etc. came out.

Our product:

Wallarm API security solutions provide proven performance to support innovative companies serving millions of users and billions of API requests per month. Hundreds of Security and DevOps teams globally use Wallarm daily to:

1. Discover. See every asset across your entire attack surface—from cloud environments to every API endpoint with auto-discovery capabilities.
2. Protect. A single suite that goes beyond OWASP Top 10 for full coverage for API specific threats, account takeover, malicious bots, L7 DDoS, and more.
3. Respond. Streamline incident response with complete visibility, smart triggers, and active threat verification.
4. Test. Automate security testing of your APIs and web assets. Prioritize remediation for every asset, in every environment.

Our technology stack:

• The system management interface is written in React and is a Single Page Application. Therefore, backend teams are not engaged in layout, but only API development.
• For backend development, we use Ruby and Golang
• Some components and modules are written in Python (Data Science/ML). But mostly Python is used by the QA department for developing integration autotests.
• Cloud deployed with Kubernetes/Helm and Terraform
• Main frameworks used: Ruby On Rails (API only)/Sinatra; gin for Golang
• Main databases used: PostgreSQL, Elasticsearch, Riak/S3, Tarantool and Redis

About the role

Are you someone that loves security and is a hacker at heart? Wallarm is looking for an eager and motivated Penetration Tester to join our Audit Security Team. This position will provide you the chance to work on identifying vulnerabilities across different software products and work collaboratively as part of the skilled and experienced pentest team.. If you have experience with penetration testing and a drive to learn check out below to learn more and apply!

What you will do

• Develop and execute standard penetration tests to exploit vulnerabilities in the system.

• Help ensure software security, communicate security vulnerabilities of all severities to all affected stakeholders within the product organization.

• 3+ years of relevant experience (or an equivalent combination of education and experience sufficient to successfully perform the principal duties of the job)

• Experience with penetration testing

• Good critical thinking and problem solving skills

• Attention to detail

• Knowledge of security principles

• Good collaboration skills, applied successfully within team as well as with other areas

To apply to this job you need complete our test task in advance (find more in the application form).

What we offer:

• Ability to work on a product that makes the Internet safer
• Completely remote work
• Competitive salary and bonuses
• 15 paid days off in addition to the vacation
• Flexible working hours
• Allocated budget for each employee for compensation:
  • Education (trainings, conferences, books, etc.)
  • Sport (Fitness, sports sections, equipment, etc.)
  • Paid medicine (including psychologists)
  • Vacation (tickets, hotels, tours, etc.)
  • Leisure (tickets to the theatre or cinema)
  • Workplace equipment