Senior Red Team Operator

Remote $165k–$180k senior 23 days ago full-time quality 8.2/10

Role in brief

Figment, a blockchain infrastructure provider, seeks a Senior Red Team Operator to conduct security assessments and adversary emulation. This role involves planning and executing red team engagements across cloud, development pipelines, and applications. Ideal for a senior security professional with strong offensive security skills in cloud environments and container orchestration, who can also mentor and collaborate with blue teams.

About the role

This role focuses on enhancing Figment's security posture through proactive offensive operations. The Senior Red Team Operator will plan and execute various security assessments, including red team engagements and penetration tests, targeting cloud infrastructure, CI/CD pipelines, web applications, and source code. This involves applying attacker tactics while ensuring safe operations within Figment's environments.

A key aspect of the role is the ability to translate technical findings into clear, actionable recommendations for diverse audiences, from technical staff to executives. The operator will collaborate closely with blue teams, providing insights for mitigation strategies, validating fixes, and leading purple teaming exercises. This position also supports incident response efforts with specialized offensive security expertise.

Success in this position requires not only strong technical execution but also a commitment to continuous improvement. The operator will be responsible for building and refining red team tooling, scripts, infrastructure, and methodologies. This includes leveraging AI tools for efficiency while maintaining judgment for manual testing, and contributing to the overall documentation of security practices.

The compensation for this role is between $165,000 and $180,000 USD annually.

Skills that matter here

  • cloud platforms: The role requires a strong understanding of cloud environments to plan and execute red team engagements and assessments effectively.
  • CI/CD pipelines: The operator will assess the security of continuous integration and continuous deployment pipelines, identifying potential vulnerabilities.
  • AI tools: Experience using AI tools for tasks like code review, payload generation, and report drafting is expected, with an emphasis on discerning when manual testing is necessary.
  • container orchestration: Offensive expertise in attacking and escaping Docker and Kubernetes environments, including exploiting misconfigurations, is a core requirement.
  • API and web application assessments: The role involves performing security assessments specifically on APIs and web applications to identify and address vulnerabilities.
  • source code review: Experience in reviewing source code for security flaws is necessary to conduct thorough assessments.

Who this role suits

  • A security professional who is driven to proactively identify and exploit vulnerabilities before malicious actors do.
  • Someone who can communicate complex technical risks and solutions clearly to both technical and non-technical audiences.
  • An individual who enjoys mentoring others and collaborating with defensive security teams to enhance overall security posture.
  • A builder and innovator who thrives in uncertainty and is motivated to improve security tooling and methodologies.

From the employer

How you will make an impact

  • Plan and execute red team engagements, pentests, and ad-hoc assessments against cloud, development pipelines, web and application layers, source code, and more.
  • Apply attacker tactics, techniques, and procedures safely within Figment environments, including detection-evasion work.
  • Produce clear reports and presentations tailored to both technical and executive audiences.
  • Partner with stakeholders, including technical staff, leadership, and legal counsel, to translate findings into risk-appropriate, actionable recommendations.
  • Collaborate with the blue team to suggest mitigations, validate fixes, and improve defensive coverage.
  • Mentor blue team members and lead cross-team exercises such as purple teaming.
  • Support incident response with offensive security technical expertise and contribute to post-incident action plans.
  • Build and improve red team tooling, scripts, infrastructure, methodologies, and documentation.

What you bring to the team

  • Experience with and strong understanding of cloud platforms, CI/CD pipelines, and supply chains.
  • Demonstrated use of AI tools to accelerate offensive work (LLM-assisted code review, payload generation, recon, report drafting), with sound judgment about where they help versus where manual testing is required.
  • Offensive expertise in container orchestration: attacking and escaping Docker and Kubernetes (container breakout, RBAC abuse, misconfiguration exploitation).
  • Experience performing API and web application assessments.
  • Experience performing source code review for security flaws.
  • Experience building automations that chain red team tooling together, cutting manual effort across recon, exploitation, and reporting.
  • Strong written and verbal communication conveying findings, risk, and remediation to engineers, stakeholders, and executives.

Why you might be excited about us

  • 100% remote-first environment. Our flagship office is in Toronto, Canada. We also have additional co-working spaces in New York, London, and Singapore. That means if you want to do your thing in the office (if you’re near one), at home, or a bit of both, it’s up to you.
  • 4 weeks of PTO that kick in day one, with an additional 1 week of flex days.
  • Extended company-paid health benefits that kick in day one.
  • Best-in-class parental leave and flexible arrangements.
  • A home office stipend to create a space that you enjoy working in.
  • Monthly Wi-Fi reimbursement.
  • A yearly Learning & Development budget.
  • 401K (US) or RRSP match (Canada).
  • Stock Options in the company.
  • Annual on-site company gatherings and retreats to inspire team bonding, collaboration, and fun!

Questions about this role

What is the remote work policy for this role?

This is a 100% remote-first position, with the option to work from co-working spaces in Toronto, New York, London, or Singapore if desired.

What is the seniority level for this position?

This is a senior-level role.

What is the salary range for this position?

The salary for this role ranges from $165,000 to $180,000 USD.

Similar jobs

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to Figment.