Security Specialist - Penetration Tester & Hardening Specialist at Decentralized Masters

, , Pakistan -

Full Time

Start Date

Immediate

Expiry Date

02 Jun, 26

Salary

0.0

Posted On

04 Mar, 26

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Penetration Testing, System Hardening, Vulnerability Exploitation, Cloud Security, AWS, IAM Policies, Secrets Management, Incident Detection, Response, Audit Logs, Compliance, Burp Suite, Nmap, Metasploit, Social Engineering, Phishing Simulations

Industry

education

Description

Who Are We? Decentralized Masters is at the forefront of DeFi education globally. In just two years, we have grown from a pioneering pair of co-founders to over 140 dedicated professionals. Today, we are recognized as one of the fastest-growing enterprises in the sector, with industry insiders predicting our evolution into a unicorn company by 2030. Operating on a bootstrapped model, we are on track to achieve an impressive $50 million in revenue this year alone. Our Impact While our growth has been remarkable, we take even greater pride in the success of our clients. To date, we have empowered over 4000 investors to break into the DeFi world. At Decentralized Masters, we don’t just offer education; we cultivate a powerhouse of knowledge combined with an engaging community, innovative technology, and a team of leading DeFi and blockchain experts. Our commitment is to deliver unparalleled resources designed for long-term success in the world of DeFi and Web3, ensuring our members not only safeguard but also enhance their financial future. Our Vision Our goal is to create the largest and most influential DeFi ecosystem the world has ever seen, starting with becoming the gold standard in DeFi education. This vision is ambitious, transformative, and poised to change the landscape of digital finance. Are You Ready? This is more than just a job; it’s an opportunity to shape the future of Web3 technology and education. Are you ready to be part of our vision to redefine what’s possible in DeFi and beyond? Apply below, and let’s explore this journey together. Check us out here: https://www.decen-masters.com/ What will you be doing? We're looking for a hungry, junior security professional whose default instinct is to attack first, patch second. This isn't a governance-and-policy desk job. You'll spend your days trying to break into our own systems, finding the cracks before anyone else does, and then relentlessly closing them. If your idea of a good day is discovering a misconfigured S3 bucket, popping a shell on a test environment, and writing up the fix before lunch read on. Break things (on purpose): Continuously run penetration tests against our web apps, APIs, internal tools, and cloud infrastructure Conduct phishing simulations and social engineering tests against our own team Perform recon, enumeration, and exploitation attempts on our systems in a controlled, authorized way Hunt for vulnerabilities before real attackers do - then document and escalate them Harden everything you find: Work directly with engineering to remediate vulnerabilities you uncover Tighten cloud security configurations (AWS) - IAM policies, exposed services, secrets management Review access controls and flag over-privileged accounts, then drive least-privilege fixes Implement and tune monitoring tools (SIEM, IDS/IPS) so we catch anything that slips through Keep the lights on: Assist with incident detection and response when real events occur Help maintain audit logs and ensure we have visibility across our systems Support compliance work (GDPR, SOC 2) as it relates to technical controls What You Will Bring Must-have: 1–2 years of experience in security, pentesting, bug bounty, or a related hands-on role (or equivalent self-taught experience with proof) Demonstrable ability to find and exploit common vulnerabilities - OWASP Top 10, misconfigurations, broken access controls Basic cloud security knowledge (AWS preferred) - you know what "public S3 bucket" means and why it's bad Comfortable using tools like Burp Suite, Nmap, Metasploit, or similar Familiarity with MITRE ATT&CK and how to think like a threat actor You document your findings clearly - written reports matter as much as the exploit Nice-to-have: CTF experience or an active HackTheBox / TryHackMe profile Any security certifications: eJPT, CEH, Security+, OSCP (in progress counts) Scripting ability in Python or Bash to automate recon or testing Interest or background in DeFi, crypto, or Web3 security Familiarity with smart contract attack vectors (a big bonus) What We Offer Competitive salary Fully remote - work from anywhere Unlimited PTO and flexible schedule Team off-sites and events A genuine mandate to break our stuff and make us stronger for it Ready to hack with purpose? If you've been sharpening your skills on bug bounties, CTFs, or homelab environments and want your first real shot at doing this professionally — we want to hear from you. Show us what you've found, what you've broken, and how you fixed it.

Responsibilities

The specialist will continuously run penetration tests against web applications, APIs, internal tools, and cloud infrastructure, focusing on finding and exploiting vulnerabilities before they are discovered by external attackers. A key part of the role involves working directly with engineering to remediate these security flaws, tighten cloud configurations, and implement least-privilege access controls.