XBOW is a pioneering company in offensive security, leveraging AI to enhance security measures against cyber threats. The Pentest Automation Engineer will design and maintain an automated testing program, focusing on public bug bounty environments and open-source projects, while ensuring compliance and efficiency in security operations.
Responsibilities:
- Ownership and execution of a continuous program running XBOW against public bug bounty programs, e.g. companies using HackerOne
- Ownership and execution of a program running XBOW in collaboration with open-source projects (program to be launched in Q2)
- Ensuring that targets are attackable and our activities would be within their bug-bounty scope
- Prioritizing targets based on attack surface and target value
- Incorporation of pre-release XBOW software (e.g. new attack techniques or validators) into the program schedule
- Full end-to-end automation of the attack pipeline, including:
  - Scanning and reconnaissance infrastructure
  - Safety / compliance checks
  - Automated target prioritization and selection
  - Automated attack dispatch and management
  - Tooling for triage and analysis of findings
  - Company-wide dashboard for all active programs
Requirements:
- Professional experience with TypeScript in automation tooling
- Professional experience with AWS
- Professional expertise in Linux, CI/CD pipelines (in particular GitHub Actions), and other Infrastructure & DevOps tooling
- Professional experience with Go or Python in automation tooling
- Professional experience with additional cloud providers (GCP, Azure, etc.)
- Professional experience with DevOps and IaC technologies such as Kubernetes, Docker, Terraform