Red Team Engineer
Spain, Comunidad de Madrid, MadridSecurity & Corp IT
Scalefast helps amazing brands develop a successful Direct-to-Consumer online business. Our next-generation technology platform is built to optimize modern eCommerce. Our end-to-end infrastructure includes global merchant-of-record agreements, fulfillment, subscription, loyalty programs, and finance functions to deliver new revenue and delightful brand experiences. Scalefast has proven itself with global brands like L’Oréal, Sega, Square-Enix and Flir.
As members of our Security Operations team, Red Team Engineers are responsible for the delivery of continuous assessments to ensure the quality and security of our platform, as well as build tools to automate your way out of manual efforts and influence the way Scalefast services respond to and mitigate threats.
We are looking for a Red Team Engineer to help ensure our services, applications, and websites are designed and implemented following the highest security standards and influencing Scalefast services through the creation of threat mitigation plans.
What do we offer?
- Competitive salary and a career path adapted to each person's abilities and experience within a company that is growing continuously
- 2 days a week working from home
- A flexible schedule and total conciliation between work and family life including reduced timetable during one month in summer
- Become part of a multi-cultural happy family where you can contribute with your experience and learn from the experience of others
- Work with amazing brands
- Get the opportunity to influence the future of our services and platform
- Excellent working environment with frequent social activities (hackathons, Spartan races, quarterly whole-team social event)
- Central Madrid office located an 8-minute walk from Atocha train station, with a bus stop and BiciMad station right outside the office
- Kitchen and dining facilities as well as a fully stocked games room with games consoles etc. - great to disconnect from work for a while and have fun with your colleagues
- Discounted parking space in the office building if you’re coming by car, bicycle parking for those worried about their carbon footprint
- Mental Health Wellbeing Program
- Scope and perform penetration testing & vulnerability research of complex proprietary software for our services
- Threat modeling
- Prepare and present detailed, written technical information for internal and external audiences
- Reporting on findings and vulnerabilities including presenting results to non-technical managers
- Stay up to date on the latest testing tools and techniques to ensure both yourself and the teams are using the most effective methods.
- Strong pentest fundamentals, particularly in web, API, and network architectures
- Solid understanding of common web app vulnerabilities, exploitation techniques, and remediation options
- Passion for learning new technologies and processes, and contributing to refining existing capabilities
- Experience with penetration testing and diagnostic tools such as Burp Suite, Kali Linux, tcpdump, Wireshark, Nmap, fuzzing tools, Metasploit, etc.
- English written and verbal communication skills
- Positive and solution-oriented mindset
- Passion for security and open source
- Understanding of network and web-related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Understanding of common cloud technologies and DevOps processes in AWS, GCP, Azure, Docker, Kubernetes, Terraform, etc.
- OSCP Certification or other certifications (e.g., CompTIA Security+, CEH, CISSP)
- Web development experience
- Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP
- Knowledge of web application technologies and layer 7 protocols
- Experience in a peak performance organization, preferably a tech startup
- Experience working with a remote team
- Enterprise software company experience
- Experience working with a global or otherwise multicultural team
- Passionate about/experienced with open source and developer tools