Form3 are looking for an Ethical Hacker - 100% Remote (UK/EU Only) to join their team.
The team is comprised of our Defensive and Offensive Engineering teams alongside our Information Security Officers, whilst our CISO leads the operation. Our security team interact with the product and platform engineering teams across the company to promote best practices and awareness. They’re continually baking security into our culture, utilising new technologies and open-source tools to ensure high standards of security are maintained.
Form3’s Offensive Security Engineering division is becoming rapidly more sophisticated in their approach to security testing. This team is tasked with maintaining and continually our improving our resilience from attackers from the attacker’s perspective. With a wide range of tools and technologies available to you this is your chance to operate as a true threat actor. Below are some examples of projects the team is working on:
- Penetration Testing the increasingly growing ecosystem of Form3.
- Working towards creating Red Team engagements for example; phishing assessments including the creation of custom malware.
- Maintaining and advocating the DevSecOps mindset we have created across the business.
- Creating new tools and methodologies to enable our team to deploy creative and effective threat assessments.
- Infrastructure: AWS, GCP, Azure, Kubernetes (this will increase as we go cloudagnostic)
- Platform: CockroachDB, EKS, GKE, PostgresDB, Vault, Consul, Linkerd, Cilium, NATS
- Tools: Terraform, Github, Flux, Prometheus, Pact.io, TFSec, Travis CI
- Code: Go, (a little Java), CQRS, Open-Source, Python (Security tools)
- Ways of working: DevSecOps, GitOps, TDD/BDD, Pair Programming, 100% Remote
WHAT WE NEED FROM YOU AND WHY
- Confidence within a DevSecOps environment, here at Form3 DevSecOps is our chosen methodology/ mindset so experience with automatic code analysis, IaC (Terraform preferably) security and CI/CD pipeline exploitation is critical here. This extends to having the ability to not only test but offer hands-on assistance in the remediation stages.
- Experience in Cloud-Native/ Multi-Cloud offensive security engineering. Form3 is rapidly approaching it’s goal of becoming platform-agnostic, our OffSec team is tasked with offering business leaders a clear perception of the cloud threat landscape through extensive testing and research.
- Kubernetes and Container expertise. Running on a micro-service, distributed architecture, our OffSec team are challenged with finding and exploiting vulnerabilities and loopholes to ensure that our architecture is as secure and impenetrable as possible, networks and bare metal are included within this scope.
- Previous engagement in Red Teaming activities. Form3 strive to be industry leaders in Security so we are constantly innovating new methodologies, trialling internal phishing activities and alternative means of exploitation. The ideal candidate will have engaged in sophisticated operations such as ThreatIntelligence led penetration tests.
SPECIFIC DESIRABLES AND YOUR SPECIALISMS
- Strong programming skills, we are flexible on languages, we use Go as our main language for production so a willingness or interest to learn Go is fundamental. In security we write our own scripts for automation in Python, Go and other languages while contributing to open-source tools so we can utilise them.
- In-depth knowledge and capabilities using Linux and Unix technologies and how these can be used in the attack matrix to allow for privileged escalation and lateral movement.
- Malware analysis and reverse engineering experience or interest is preferred/ desirable.
- Active contribution to Open-Source projects and tools is highly encouraged at Form3 so prior interest in this is always welcomed.
- Keen interest in new and emerging threats, vulnerabilities and adversary advancements coupled with the ability to present these to the wider team.
- Qualifications: OSCE, CCT App or Inf (or equivalent), CCSAS, eCMAP, eCRE, GREM, CCSP, Cloud Specific Qualifications
- 30 days annual leave PLUS Bank Holidays
- Remote-First environment
- Flexible Working Arrangements
- Training Tools such as Udemy and Educational reimbursements
- Hack-the-box Thursdays!
- Full details are available on our careers page
We are an award-winning cloud-native payment technology provider for financially regulated institutions. Launched in 2016, we've doubled in size year on year as we continue to redefine what a truly instant payment experience means.
We celebrate diversity, promote entrepreneurialism and are committed to giving everyone a say in shaping our business. Here you will grow as a person and accomplish incredible things. A career at Form3 is empowering, inspiring and fun. Join us and help shape the future of payments.
At Form3 we embrace equal opportunity and are committed to building a diverse team of exceptional individuals. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status and it is our strong belief that the more inclusive we are as a business, the better our work will be.