Research emerging threats across the surface web, dark web, and deep web
Build threat models, conduct threat hunts, and plan and execute purple team engagements
Coordinate internal red team testing operations that emulate a threat actor
Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls
Contribute to vulnerability testing and analysis as well as incident response and analysis
Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database
Participate in code reviews, learning and spreading technical knowledge about security posture
Contribute to resolutions for security-related issues
Coordinate technical validation and leadership review of purple team reports detailing testing results and potential areas of improvement
Conduct internal penetration tests on systems and networks to determine realistic threat vectors
Manage software tools for code scanning, vulnerability identification, and finding reporting
Effectively communicate findings, attack paths, and recommendations to stakeholders
Train others on the adversary simulation tactics and procedures used
Stay informed on current security trends, publications, and advisories
Assist to provide guidance and subject matter expertise as it pertains to all areas of security and technical operations, including analysis of our cloud environments, security testing and documentation, as well as investigations, software research, new technology, services and tools research, and vendor security analysis

Requirements

Experience with Penetration Testing Tools, such as Burp Suite, NMAP, Nessus, Metasploit, Kali Linux, SQLMap, Owasp ZAP, and manual testing tools
In-depth knowledge of leading vulnerability management tools and strategies
In-depth understanding and usage of application security testing technologies is a plus
Understanding of authentication concepts, including OpenIDConnect, SAML, OAuth, and SSO flows
Strong working knowledge of vulnerability management tools, data and network security technologies
Collaborative and adaptable mindset
Openness and authenticity combined with excellent communication skills
Excitement and enthusiasm for open source and for better internet security
Excellent problem-solving skills – you might not know all the answers, but you know how to find and communicate the solution
Ability to maintain discretion, handle sensitive information, and maintain security best-practices
Security purple team technocrat at heart, staying current with trends and new technologies

Benefits

Competitive salary
Dedicated to building a diverse and talented team
Learn and grow professionally
Work remotely with motivated and supportive team members across the world

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

penetration testingvulnerability managementapplication security testingthreat modelingincident responsecode reviewssecurity analysisadversary simulationcloud securitydata security

Soft Skills

collaborative mindsetadaptabilitycommunication skillsproblem-solvingdiscretionauthenticityenthusiasm for open sourceexcitement for internet security