About the Role
Join us in building an autonomous penetration testing platform that simulates real-world adversaries. You'll develop exploit chains, 0-day discovery systems, and evasive payloads that help organizations understand their security posture for cyber insurance and compliance.
What You'll Build
- Exploit Automation: Multi-stage attack chains from initial access to data exfiltration
- 0-Day Discovery: Intelligent fuzzing infrastructure and vulnerability research systems
- Evasion Techniques: Polymorphic payloads that bypass modern EDR/AV solutions
- Cloud Attacks: AWS/Azure/GCP exploitation modules and container escapes
- Custom C2: Covert communication channels and post-exploitation frameworks
- Reporting Engine: Auto-generate compliance-ready pentest reports
Technical Skills Required
- Languages: Python (expert), C/C++, Go/Rust, Assembly basics
- Web Exploitation: OWASP Top 10 (SQLi, XSS, SSRF, Deserialization, SSTI)
- Binary Exploitation: Buffer overflows, ROP chains, heap exploitation
- Tools: Metasploit, Burp Suite, Cobalt Strike, IDA/Ghidra
- Cloud Security: AWS/Azure misconfigs, Docker/K8s attacks
- Evasion: AV bypass, sandbox detection, AMSI/ETW patching
Must-Have Credentials
- HackTheBox: Minimum Pro Hacker rank (50+ owns) - include profile link
- CTF Experience: Active participation (picoCTF, DEF CON quals, GoogleCTF)
- GitHub Portfolio: Security tools, exploit development, CTF writeups
- Proven Skills: CVEs, bug bounties, or published exploits are a huge plus
Preferred Qualifications
- TryHackMe Top 5% or PortSwigger Academy completion
- OSCP/OSWE in progress or completed
- pwnable.kr, ROP Emporium, or Nightmare challenges
- Personal security research blog or YouTube channel
- Contributed to open-source security tools
Interview Process
- Portfolio Review: GitHub + HackTheBox profile assessment
- Take-Home Challenge: Design an attack chain for a given scenario
Red Flags We Avoid
- Only used automated scanners
- Can't code beyond basic scripts
- No hands-on exploitation experience
- Ethical flexibility
Green Flags We Love
- Built your own tools
- Linux nut
- Discovered real vulnerabilities
- Active security community contributor
Why This Role
This isn't a typical security internship running Nessus scans. You'll build the platform that makes traditional pentesting obsolete. Your code will simulate real attackers, helping protect thousands of organizations.
We need someone who sees a login page and thinks 'SQLi, NoSQLi, LDAP injection, or mass assignment'. Someone who gets excited about bypassing protections, not just finding vulns.