Job description
## You could work anywhere. Why Figment?
[**Figment**](https://figment.io/) powers the future of Web3 through industry-leading blockchain infrastructure. As the leading provider of staking solutions, **we help 500+ institutional clients optimize their crypto rewards**, including top exchanges, asset managers, wallets, foundations, custodians, and major token holders. Our clients trust Figment for a comprehensive suite of services, including **reward optimization**, **cutting-edge API development**, detailed **rewards reporting**, seamless **partner integrations**, **governance support**, and **slashing protection**.

Backed by a team of passionate and intelligent Figmates, with a **100% remote-first** global presence across **12 countries**, our company is on a mission to accelerate the adoption, growth, and long-term success of the Web3 ecosystem. We’re building the infrastructure that will power the decentralized future.

As a fast-growing tech company, we’re looking for **builders** and **innovators** — people who thrive in the face of uncertainty and are motivated to make an impact. We are also looking for true teammates - people who are genuine, humble, and driven to level up together. If you're excited to shape the future, contribute to an **energetic company culture**, and work at the cutting edge of blockchain technology, we want you to join our team and help us lead the charge!
Responsibilities
## How you will make an impact
- Plan and execute red team engagements, pentests, and ad-hoc assessments against cloud, development pipelines, web and application layers, source code, and more.
- Apply attacker tactics, techniques, and procedures safely within Figment environments, including detection-evasion work.
- Produce clear reports and presentations tailored to both technical and executive audiences.
- Partner with stakeholders, including technical staff, leadership, and legal counsel, to translate findings into risk-appropriate, actionable recommendations.
- Collaborate with the blue team to suggest mitigations, validate fixes, and improve defensive coverage.
- Mentor blue team members and lead cross-team exercises such as purple teaming.
- Support incident response with offensive security technical expertise and contribute to post-incident action plans.
- Build and improve red team tooling, scripts, infrastructure, methodologies, and documentation.
Requirements
## What you bring to the team
- Experience with and strong understanding of cloud platforms, CI/CD pipelines, and supply chains.
- Demonstrated use of AI tools to accelerate offensive work (LLM-assisted code review, payload generation, recon, report drafting), with sound judgment about where they help versus where manual testing is required.
- Offensive expertise in container orchestration: attacking and escaping Docker and Kubernetes (container breakout, RBAC abuse, misconfiguration exploitation).
- Experience performing API and web application assessments.
- Experience performing source code review for security flaws.
- Experience building automations that chain red team tooling together, cutting manual effort across recon, exploitation, and reporting.
- Strong written and verbal communication conveying findings, risk, and remediation to engineers, stakeholders, and executives.
Conditions
## Why you might be excited about us
- **100% remote-first environment.** Our flagship office is in Toronto, Canada. We also have additional co-working spaces in New York, London, and Singapore. That means if you want to do your thing in the office (if you’re near one), at home, or a bit of both, it’s up to you.
- 4 weeks of **PTO** that kick in day one, with an additional 1 week of flex days.
- Extended **company-paid health benefits** that kick in day one.
- Best-in-class **parental leave** and flexible arrangements.
- A **home office stipend** to create a space that you enjoy working in.
- Monthly **Wi-Fi reimbursement.**
- A yearly **Learning & Development budget.**
- 401K (US) or RRSP match (Canada).
- **Stock Options** in the company.
- Annual **on-site company gatherings** and retreats to inspire team bonding, collaboration, and fun!
About Figment
Figment is a leading provider of staking infrastructure and solutions for Proof-of-Stake blockchains, enabling institutions like asset managers, custodians, exchanges, and wallets to earn rewards on digital assets. It offers comprehensive services including APIs, validators, slashing protection, staking data, and liquid staking, with over $15 billion in assets staked and more than 500 institutional clients globally.[1][3]