Careers in careful product security testing

Join a small, remote-friendly team that tests apps, APIs, cloud, and AI systems with clear scope and non-disruptive work. We prioritize thoughtful analysis and clear reporting over volume.

Clarity on role, scope, and evaluation

We want you to know what the work looks like, how we evaluate it, and what good looks like here.

⚠️ Where candidates get stuck

Security roles often sound exciting but leave key details vague.

Vague scope

Job posts list buzzwords but not what you will test or own.

Impact: Hard to judge if the role fits your strengths.

Opaque interviews

Processes are unclear and change midstream.

Impact: Candidates cannot plan time or prepare well.

Unclear expectations

Remote work, collaboration style, and feedback cycles are not defined.

Impact: You are left guessing what success looks like.

How we make it concrete

We publish the scope, explain the process, and set expectations early.

Specific work scope

Apps, APIs, cloud, and AI systems with time for deep testing.

Clarity: You know what you will actually work on.

Transparent interview steps

Each stage has a goal and time estimate, plus a paid practical assessment.

Clarity: You can plan and decide with full context.

Clear working model

Remote-first, async-friendly, and focused on quality over volume.

Clarity: Success criteria are explicit and reasonable.

Credibility earned through careful testing

For over a decade we have tested B2B SaaS products across apps, APIs, cloud, and identity. That work spans 700+ engagements across 150+ organizations, with a repeatable approach to finding real, fixable issues without disrupting teams.

Our approach is visible before you join. We publish research, contribute open source tools, and share sample reporting so candidates and clients can evaluate our depth without taking a leap of faith.

Engineering and security teams that value clarity and restraint trust our work. You will be contributing to a practice that other teams already rely on to make decisions with confidence.

Attack paths we use to guide the work

We model how attackers actually move through products and infrastructure, then test along those paths. It keeps the work grounded, and it explains why our testing is structured the way it is.

Identity and access entry points

Most real-world compromises begin at authentication or account recovery. We test these flows first because they set the ceiling for every other control.

  • SSO, MFA, and session controls aligned to role sensitivity
  • Account recovery and invitation paths validated for bypasses
  • Token and cookie handling across login, logout, and role changes
  • Audit logging for authentication events and privilege changes

Business workflow authorization

Attackers pivot through workflows where authorization is assumed. We trace end-to-end paths the way a user would.

  • Authorization enforced on every request and service boundary
  • Tenant isolation verified across core data flows
  • Privilege escalation paths tested against intended roles
  • High-value actions gated by re-authentication or equivalent step-up controls

API surfaces and abuse paths

APIs are where automation and abuse concentrate. We test them with the same rigor as the UI.

  • Authentication required on sensitive endpoints
  • Consistent schema and input validation across endpoints and versions
  • Rate limits on high-cost or sensitive operations
  • Parity checks between UI and API authorization
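Two of the checks listed above, tenant isolation across data flows and UI/API authorization parity, reduce to the same mechanical test: replay the same request as different users and compare what the service actually returns with what it should. The harness below is an added example written for this page, not Appsecco's tooling; the users, invoices, endpoint functions and the `UI_DELETE_ROLES` rule are all constructed for the example. It runs offline against in-memory "endpoints" so the logic of the check is visible without a live target.

```python
"""Added example: object-level (tenant) isolation and UI/API parity checks.

Everything here is constructed for illustration. In a real engagement the
endpoint functions would be replaced by HTTP calls made with each user's
session, and the object ids by ids harvested from the target.
"""
from copy import deepcopy
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: str
    tenant: str
    role: str  # "member" or "admin"


# Constructed sample data: two tenants, three users, three invoices.
USERS = {
    "alice": User("alice", "acme", "admin"),
    "carol": User("carol", "acme", "member"),
    "bob": User("bob", "globex", "member"),
}
INVOICES = {
    101: {"tenant": "acme", "amount": 1200},
    102: {"tenant": "acme", "amount": 80},
    201: {"tenant": "globex", "amount": 5000},
}

# What the web UI renders: the delete button is shown only to admins.
UI_DELETE_ROLES = {"admin"}


# --- GET /invoices/{id}: vulnerable and hardened versions ------------------
def get_invoice_vulnerable(user, invoice_id, store):
    """Authenticates the caller but never checks tenant ownership (BOLA/IDOR)."""
    if user is None:
        return 401
    return 200 if invoice_id in store else 404


def get_invoice_hardened(user, invoice_id, store):
    """Enforces ownership on every request; foreign ids look nonexistent (404)
    so the endpoint cannot be used to enumerate other tenants' ids."""
    if user is None:
        return 401
    inv = store.get(invoice_id)
    if inv is None or inv["tenant"] != user.tenant:
        return 404
    return 200


# --- DELETE /invoices/{id}: vulnerable and hardened versions ---------------
def delete_invoice_vulnerable(user, invoice_id, store):
    """Checks tenant, but relies on the UI hiding the button from non-admins."""
    if user is None:
        return 401
    inv = store.get(invoice_id)
    if inv is None or inv["tenant"] != user.tenant:
        return 404
    del store[invoice_id]
    return 204


def delete_invoice_hardened(user, invoice_id, store):
    """Server-side role check; the UI is treated as a hint, not a control."""
    if user is None:
        return 401
    inv = store.get(invoice_id)
    if inv is None or inv["tenant"] != user.tenant:
        return 404
    if user.role != "admin":
        return 403
    del store[invoice_id]
    return 204


# --- the checks ------------------------------------------------------------
def check_tenant_isolation(read_endpoint):
    """Replay every known object id as every user; report cross-tenant reads
    that succeed. Returns a list of (user_id, invoice_id) findings."""
    findings = []
    for u in USERS.values():
        for inv_id, inv in INVOICES.items():
            if inv["tenant"] != u.tenant and read_endpoint(u, inv_id, INVOICES) == 200:
                findings.append((u.id, inv_id))
    return findings


def check_ui_api_parity(delete_endpoint):
    """For each user and in-tenant object, compare what the UI offers with what
    the API accepts. Returns (user_id, invoice_id, status) where the API
    allowed an action the UI would not have shown."""
    findings = []
    for u in USERS.values():
        for inv_id, inv in INVOICES.items():
            if inv["tenant"] != u.tenant:
                continue
            ui_allows = u.role in UI_DELETE_ROLES
            # Fresh copy per call so a successful delete does not mask later cases.
            status = delete_endpoint(u, inv_id, deepcopy(INVOICES))
            if status == 204 and not ui_allows:
                findings.append((u.id, inv_id, status))
    return findings


if __name__ == "__main__":
    print("cross-tenant reads (vulnerable):", check_tenant_isolation(get_invoice_vulnerable))
    print("cross-tenant reads (hardened):  ", check_tenant_isolation(get_invoice_hardened))
    print("UI/API parity gaps (vulnerable):", check_ui_api_parity(delete_invoice_vulnerable))
    print("UI/API parity gaps (hardened):  ", check_ui_api_parity(delete_invoice_hardened))
```

The two checks are deliberately data-driven rather than endpoint-specific: the same loops work for any object type once you have a set of sessions and a set of ids, which is what makes the test repeatable across a product's core data flows. The hardened read endpoint returning 404 rather than 403 for foreign ids is a design choice worth noting in a report, since a 403 confirms that the id exists.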

Cloud and deployment pivots

Misconfigurations create quiet attack paths. We validate cloud posture in the environments you actually run, not against a generic checklist.

  • IAM roles scoped to least privilege
  • Public storage and exposed services reviewed
  • Network segmentation and service boundaries validated
  • Change and deployment logs retained for review
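"IAM roles scoped to least privilege" is usually checked by reading the attached policy documents and flagging statements that grant more than the role needs. The script below is an added example for this page, not Appsecco's tooling; the sample policy is constructed and does not come from any real account. It applies a handful of well-known heuristics to AWS-style policy JSON: an Action wildcard, a service-wide wildcard (such as `s3:*`) on every resource, `iam:PassRole` on any role without a condition, and `NotAction` in an Allow statement, which grants everything except the listed actions.

```python
"""Added example: flag over-broad Allow statements in an IAM-style policy.

The policy below is constructed for illustration. The heuristics are a
starting point for manual review, not a complete least-privilege analysis:
they do not evaluate conditions, resource ARN patterns, or permission
boundaries.
"""
import json

# Constructed sample: a deployment role that was widened "temporarily".
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-artifacts/*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}
  ]
}
""")


def _as_list(value):
    """IAM allows a string or a list in Action/NotAction/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy):
    """Return a list of (statement_index, reason) for Allow statements that
    look wider than least privilege. Deny statements are skipped because they
    only narrow access."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        # Action names are matched case-insensitively by IAM; normalise.
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        not_actions = _as_list(st.get("NotAction"))
        resources = _as_list(st.get("Resource"))
        has_condition = bool(st.get("Condition"))
        star_resource = "*" in resources

        if not_actions:
            findings.append((i, "NotAction in an Allow grants everything except the listed actions"))
        if "*" in actions:
            findings.append((i, "Action wildcard grants every API call"))
        elif star_resource and any(a.endswith(":*") for a in actions):
            findings.append((i, "service-wide action wildcard on all resources"))
        if "iam:passrole" in actions and star_resource and not has_condition:
            findings.append((i, "iam:PassRole on any role enables privilege escalation via other services"))
    return findings


if __name__ == "__main__":
    for idx, reason in find_overbroad_statements(SAMPLE_POLICY):
        print(f"Statement[{idx}]: {reason}")
```

Note that `s3:*` scoped to a specific bucket ARN is not flagged: the heuristic targets the combination of a wide action set with a wide resource set, which is where most over-provisioning shows up. The MFA-conditioned Deny at the end is the kind of statement that narrows rather than widens access and is left alone.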

Is this the right kind of security work for you?

We do careful, scoped testing for modern B2B SaaS products. Use these criteria to decide quickly and confidently.

Good fit if you value:

Deep, manual testing

You like tracing attack paths, validating assumptions, and writing clear findings beyond scanner output.

Calm, scoped engagements

You prefer predictable scope, non-disruptive testing, and thoughtful communication with clients.

Clear written communication

You can explain risk and remediation to both engineers and security leaders.

Not a fit if you need:

High-volume or incident-response work

We are not a SOC or a rapid-response team, and we do not run 24/7 rotations.

Purely automated testing

Our work is hypothesis-driven and manual; automation supports, but never replaces, analysis.

Constant in-person collaboration

We are remote-first and async-friendly, with deliberate written updates.

Questions before you apply?

We are happy to clarify scope, process, or expectations. There is no pressure to apply.

Ask about fit

Reinforced confidence

Clear scope, calm process, defensible work

People join us because the work is predictable in scope, deep in execution, and easy to stand behind. Clients stay because our reporting is clear and our process stays calm.

Infoblox
Appknox
Atomicwork
Accorian

Select customers shown with permission. The same care and clarity apply to how we work with teammates.

The practical assessment mirrored the real work: scoped, methodical, and focused on clear writeups.

Senior Security Engineer

Recent hire

Expectations were written down early. The feedback was specific and respectful, which made the decision easy.

Application Security Lead

New team member

We have time to trace attack paths and document fixes without rushing. That depth is why the work feels defensible.

Security Researcher

Appsecco

If you want to talk through the work style or interview process, we are happy to share more context.

Safe next step

Ask about roles at your pace. No pressure to apply.

Share what you are looking for and we will clarify scope, process, and timing. If it is not a fit, we will say so.

Ask about roles

Or see how we work first

No commitment
Clear scope and interview steps
Respectful, low-pressure process