Security Engineer (Penetration Testing/Red Team)

TL;DR

Security Engineer (Penetration Testing/Red Team): Conducting comprehensive penetration testing and attack-defense drills to secure crypto financial systems with an accent on red team operations and infrastructure security. Focus on bypassing blue team defenses, vulnerability mining in Java/Go/Python, and developing automated exploitation tools.

Location: Must be based in or able to work from Shenzhen or Hong Kong

Company

hirify.global is a leading regulated crypto brand in the Philippines, providing mobile financial services to over 18 million users.

What you will do

• Conduct comprehensive penetration testing on company applications and systems.
• Organize and execute regular attack-defense drills.
• Test and bypass blue team defenses to identify and remediate security gaps.
• Research and implement cutting-edge offensive and defensive security tools.
• Develop countermeasures and TTPs based on real threat intelligence and APT models.
• Participate in building detection rules and intrusion traceability capabilities.

Requirements

• 5+ years of practical experience in attack and defense security.
• Proven ability to independently complete penetration testing.
• Experience with internal network penetration, domain penetration, and cloud security (AWS).
• Proficiency in container and Kubernetes security attack and defense.
• Strong knowledge of Linux/Windows internals, databases, and privilege escalation.
• Experience in code auditing and vulnerability mining using Java, Go, or Python.

Culture & Benefits

• Opportunity to work with a fast-growing, regulated crypto organization.
• Cross-functional collaboration to drive meaningful impact on customer experience.
• Clear pathways for career advancement as the company expands globally.
• Culture that values data-backed ideas and innovation.