Senior Red Teamer
Storyblok
Established in 2017, Storyblok has rapidly ascended to the forefront of the global headless CMS landscape. Our vision is to “pioneer the future of content management, removing barriers between developer and marketing teams by offering an intuitive, scalable, and intelligent platform to deliver digital experiences from idea to success”.
Our team is made up of smart, passionate individuals who excel in their work. People who are comfortable taking on big ideas and figuring out the details along the way. With a dynamic team of over 220+ passionate individuals spanning 45+ countries, we're not just breaking boundaries; we're redefining them!
Our recent $80m Series C funding round, secured in June 2024, marked a crucial milestone for us. It has fueled our remarkable growth in the US market and accelerated our ongoing expansion and advancements across EMEA.
We're proud recipients of numerous awards, including recognition in G2's 2024 Best Software Awards. As a remote-first company, we have been officially recognized as one of the top 100 most flexible places to work, ranking #3 in the scale-up category as per Flexa Careers.
WHAT IS IN IT FOR YOU
You will be joining a growing company where you can contribute to many “firsts”. Plus these benefits:
- Monthly remote work stipend (home internet costs, electricity). Home office equipment package right at the start (laptop, keyboard, monitor…)
- Home office equipment upgrade (furniture, ear plugs …) or membership to a local co-working space after your onboarding
- Sick leave benefit, parental leave and 25 days of annual leave plus your local national holidays
- Personal development fund for courses, books, conferences, and material
- VSOP (Virtual Stock Option Plan)
- The annual international team-building trip, quarterly and monthly online get-togethers
- As a fully remote company, with work-life balance at its core, you’ll enjoy flexible schedules
- An international team that loves to have fun at work and works hard together to accomplish shared goals
JOB SUMMARY
This role focuses on various security-related tasks around our day to day product operation such as the execution of threat-led penetration testing, handling of external security findings, execution of red / purple team exercises and penetration testing of external and internal infrastructures, architecture and configuration review, source code review, attack simulation exercises, and cloud infrastructure assessments. The results of these findings should be communicated to the appropriate stakeholders.
Your main responsibilities would be:
- Monitoring for incoming vulnerability reports, testing for viability, categorisation of the findings and making sure they are fixed or properly mitigated.
- Execution of threat-led penetration testing and red / purple team exercises by utilizing well-known and established frameworks such as MITRE ATT&CK and TIBER-EU.
- Set-up and maintain automated testing systems to continuously monitor Storyblok's security posture
- Assist with performing social engineering assessments (email phishing, vishing, physical access attacks) to simulate the theft of passwords, infiltrate systems, and download malware / ransomware to assess the security awareness.
- Perform penetration tests on Storyblok assets, such as external and internal infrastructures and web applications to identify security weaknesses and misconfigurations.
- Perform security configuration assessments for cloud, network, servers and endpoints.
- Prepare reports and present on vulnerabilities and exploitation techniques.
- Coaching and developing team members through sharing of experience and knowledge.
- Keep up to date with the latest penetration testing techniques and the current threat landscape.
- Maintain knowledge about current security standards, systems, and authentication protocols.
- Provide awareness about potential threats and cyber security best practices.
EDUCATION AND EXPERIENCE
- Experience with large scale applications on Amazon AWS
- Experience with Linux, networking protocols, general utilities, and shell scripts
- Fluency in scripting languages like Bash, Ruby, or Python
- Experience with Cloud-native solutions
- Excellent knowledge of offensive security frameworks
- Experience with industry recognized security testing standards, penetration testing methodology and attack simulation tools.
- Working experience preferred related to the execution of red / purple team exercises and / or penetration testing of web and mobile applications, internal and external infrastructure, execution of social engineering assessments.
- Be able to conduct research and development and solve technical problems independently.
- Be a team player with good communication and interpersonal skills.
- Excellent communication skills
MENTAL, PHYSICAL AND ENVIRONMENTAL REQUIREMENTS
Remote (home) work opportunity or funded by Storyblok co-working space
GENERAL TERMS
Storyblok has a commitment to diversity and inclusion. We strive to create a hiring environment in which all people feel they are equally respected and valued, irrespective of gender identity or expression, sexual orientation, ethnicity, age, religion, citizenship or any other characteristic. You can find more information about our privacy policy here.
All communications regarding job opportunities at Storyblok will come from an official Storyblok employee with an email address ending in @storyblok.com. We will never redirect you to another portal or another site that is unrelated to our domain (storyblok.com).
Here is a sneak peek of Storyblok’s Visual Editor
If you need an accommodation for any part of the application process, please email talent.acquisition@storyblok.com