Principal Red Team Operator

Published on December 23, 2023

At Figment, our mission is to support the adoption, growth and long-term success of the Web3 ecosystem. This is Figment’s unique approach: we make it simple to build on the next generation of blockchain technology. We provide enterprise-grade node and staking infrastructure and developer tools while also actively participating in community & governance.

Figment is the world’s leading provider of blockchain infrastructure. We provide the most comprehensive staking solution for our 200+ institutional clients, including exchanges, wallets, foundations, custodians, and large token holders, to earn rewards on their crypto assets. These clients rely on Figment’s institutional staking service, including rewards optimization, rapid API development, rewards reporting, partner integrations, governance, and slashing protection. Figment is backed by industry experts, financial institutions and our global team across twenty-three countries. This all leads to our mission to support the adoption, growth and long-term success of the Web3 ecosystem.
We are a growth stage technology company – looking for people who are builders and doers. People who are comfortable plotting their course through ambiguity and uncertainty to drive impact and who are excited to work in new ways and empower a generative company culture.

As a principal member of the Figment Security Red Team, your responsibility will be to design and execute campaign-based security testing for Figment. This will involve targeting multiple types of assets. Successful applicants should have the ability to evaluate environments, applications, systems, or processes to identify vulnerabilities. Furthermore, they should be able to translate these findings into practical attack strategies for real-world scenarios.

To effectively support Figment's security initiatives, you will need to utilize your knowledge of operating system security, networking and protocols, firewalls, databases, middleware applications, scripting, and programming. You will also need to effectively communicate highly technical information to internal customers. Additionally, you will be responsible for providing remediation recommendations and validating security remediation findings.

  • Document processes, procedures, and workflows for Red Team operations.
  • Perform a full range of Red Team activities, including network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, social engineering testing, and detection evasion techniques.
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Collaborate with senior leadership to enhance the Red Team strategy and improve the company's security posture.
  • Effectively communicate findings and strategies to client stakeholders, including technical staff, executive leadership, and legal counsel.
  • Provide practical and risk-appropriate recommendations to address vulnerabilities.
  • Configure and safely use attacker tools, tactics, and procedures in Figment environments.
  • Enhance Figment's red teaming processes by developing and improving scripts, tools, and methodologies.
  • Offer recommendations and guidance to enhance the defensive capabilities of the team and its ability to defend the Figment Enterprise.
  • Provide mentoring and training to Blue Team members and actively participate in cross-team security exercises.
  • Provide technical expertise and support during incident response and assist in creating post-incident action plans.

  • Bachelor's degree or four or more years of work experience.
  • Experience in network penetration testing and manipulation of network infrastructure.
  • Experience in API and web application assessments.
  • Experience in email, phone, or physical social-engineering assessments.
  • Experience in shell scripting or automation of simple tasks using Bash, Perl, Python, or Ruby.
  • Experience developing, extending, or modifying exploits, shellcode or exploit tools.
  • Experience with container orchestration management tools.
  • Experience with source code review for control flow and security flaws.
  • Experience with Red, Blue, or Purple teaming exercises.
  • Strong knowledge of tools used for wireless, web application, container and network security testing, such as Kali Linux, Metasploit, Burp Suite, Core Impact, Cobalt Strike, Nessus, Web Inspect, and Scuba.
  • Strong technical writing.

One of Figment’s core principles is “Making the Invisible Visible” - ensuring transparency and information sharing in all communication. Figment is committed to transparency regarding pay, benefits, and other compensation types for all internal roles as well as all roles being hired for.

Base Salary: The US base salary range for this position is USD $180,000 - $200,000. The CAD base salary range for this position is CAD $180,000 - $200,000. This range reflects base salary only, and does not include additional compensation or benefits. For candidates in other countries, the pay range will be disclosed upon your first interview with Figment (being a globally remote company, the list of salary ranges would simply be too long to note here!). The range displayed reflects the minimum and maximum range for a new hire across all of Canada or the US. A candidate’s specific pay within the range will be determined by various factors including job-related skills, relevant education, and training.

Benefits: All employees of Figment receive the following competitive benefits. For candidates beyond Canada and the US, benefits will be outlined during your first interview with Figment.
  • 100% remote-first environment, with co-working spaces in our employee “hubs” across the globe for those who enjoy a hybrid model
  • 4 weeks of PTO that kick in day one, with an additional 1 week of flex days
  • Extended company-paid health benefits that kick in day one
  • Best in class parental leave and flexible arrangements 
  • A home office stipend to create a space that you enjoy working in
  • Monthly Wifi reimbursement
  • A yearly Learning & Development budget
  • 401K (US) or RRSP match (Canada)
  • Stock Options in the company
  • Competitive bonus (based on company performance) that is distributed bi-annually - we believe that the company’s success should be shared with our employees often 
    • For roles listed within the Sales Department, there is instead a competitive commissions structure which will be outlined during your first interview with Figment
  • Annual onsite company gatherings and retreats to inspire team bonding, collaboration, and fun!
  • A culture of honesty, professionalism and risk taking in a high-growth environment

Figment is a remote-first company operating with a global footprint across 23 countries. Are you interested in helping us build the future of digital assets?