Senior Red Team Operator

Figment powers the future of Web3 through industry-leading blockchain infrastructure. As the leading provider of staking solutions, we help 500+ institutional clients optimize their crypto rewards, including top exchanges, asset managers, wallets, foundations, custodians, and major token holders. Our clients trust Figment for a comprehensive suite of services, including reward optimization, cutting-edge API development, detailed rewards reporting, seamless partner integrations, governance support, and slashing protection.

Backed by a team of passionate and intelligent Figmates, with a 100% remote-first global presence across 12 countries, our company is on a mission to accelerate the adoption, growth, and long-term success of the Web3 ecosystem. We’re building the infrastructure that will power the decentralized future.

As a fast-growing tech company, we’re looking for builders and innovators — people who thrive in the face of uncertainty and are motivated to make an impact. We are also looking for true teammates - people who are genuine, humble, and driven to level up together. If you're excited to shape the future, contribute to an energetic company culture, and work at the cutting edge of blockchain technology, we want you to join our team and help us lead the charge!

• As a senior member of the Figment Security Team, you'll plan and run full-scope adversary emulation across all of Figment's products and platforms, from conventional cloud and application infrastructure to build pipelines and crypto systems. You'll own engagements end-to-end: evaluating environments to find vulnerabilities, building the attack scenarios to prove them out, and seeing your findings drive real fixes.
• This role is as much about partnership as it is about offense. You'll work directly with stakeholders and the blue team to communicate findings clearly, recommend practical mitigations, and help strengthen our overall security posture.

• Plan and execute red team engagements, pentests, and ad-hoc assessments against cloud, development pipelines, web and application layers, source code, and more.
• Apply attacker tactics, techniques, and procedures safely within Figment environments, including detection-evasion work.
• Produce clear reports and presentations tailored to both technical and executive audiences.
• Partner with stakeholders, including technical staff, leadership, and legal counsel, to translate findings into risk-appropriate, actionable recommendations.
• Collaborate with the blue team to suggest mitigations, validate fixes, and improve defensive coverage.
• Mentor blue team members and lead cross-team exercises such as purple teaming.
• Support incident response with offensive security technical expertise and contribute to post-incident action plans.
• Build and improve red team tooling, scripts, infrastructure, methodologies, and documentation.

• Experience with and strong understanding of cloud platforms, CI/CD pipelines, and supply chains.
• Demonstrated use of AI tools to accelerate offensive work (LLM-assisted code review, payload generation, recon, report drafting), with sound judgment about where they help versus where manual testing is required.
• Offensive expertise in container orchestration: attacking and escaping Docker and Kubernetes (container breakout, RBAC abuse, misconfiguration exploitation).
• Experience performing API and web application assessments.
• Experience performing source code review for security flaws.
• Experience building automations that chain red team tooling together, cutting manual effort across recon, exploitation, and reporting.
• Strong written and verbal communication conveying findings, risk, and remediation to engineers, stakeholders, and executives.

• Industry certifications such as OSCP/OSCE, OSEP, OSWE, GPEN, GCPN, GWAPT, or GXPN.
• Solid understanding and experience working with GitHub and GitHub Actions.
• Programming skills as well as the ability to read and assess applications written in multiple languages such as Go, Rust, and Ruby.
• Understanding of security risks for blockchain and crypto.

At Figment, we offer an exciting range of competitive benefits designed to support and empower every member of our team:

• 100% remote-first environment. Our flagship office is in Toronto, Canada. We also have additional co-working spaces in New York, London, and Singapore. That means if you want to do your thing in the office (if you’re near one), at home, or a bit of both, it’s up to you.
• 4 weeks of PTO that kick in day one, with an additional 1 week of flex days.
• Extended company-paid health benefits that kick in day one.
• Best-in-class parental leave and flexible arrangements.
• A home office stipend to create a space that you enjoy working in.
• Monthly Wi-Fi reimbursement.
• A yearly Learning & Development budget.
• 401K (US) or RRSP match (Canada).
• Stock Options in the company.
• Annual on-site company gatherings and retreats to inspire team bonding, collaboration, and fun!

• We are a team of under 200 members, which allows for an impactful contribution from day one.
• We place a strong focus on personal career development to shape a role that fits your goals and interests. Your satisfaction and well-being matter to us, and we’re here to support your ongoing growth.
• Our culture is one of honesty, professionalism, and risk-taking in a high-growth environment.
• Our team members themselves recommend working at Figment - with an eNPS score of 54 (which is ranked as ‘great’!).
• We are also extremely proud to be ranked as one of the top Web3 employers by Talent Titans.