Ethical Hacker/Pentester
Rublon
⚲ Kraków, Rybnik, Łódź, Zielona Góra, Wrocław
13 000 - 18 000 PLN gross (employment contract)
Requirements
- Windows Server
- SAML
- Windows
- oauth
- FIDO2
- NTLM
- OIDC
- Active Directory
- Kerberos
- BloodHound
Job description
Join Rublon to work with a team of cybersecurity enthusiasts who are building the future of enterprise user authentication. Rublon is a multi-factor authentication platform used by hundreds of customers across the globe to protect employee logins to networks, servers and applications. We are looking for a long-term employee who will support us in the following area:

R&D on Multi-Factor Authentication Security
Rublon’s research & development activities on Multi-Factor Authentication security will enable us to develop new solutions for passwordless multi-factor authentication. Your responsibilities will include conducting in-depth threat modelling and cryptographic analysis of Rublon’s authentication flows, prototyping and validating next-generation passwordless methods such as WebAuthn/FIDO2 passkeys, and continuously monitoring emerging attack vectors to keep our MFA stack one step ahead of attackers. Working hand in hand with product and engineering teams, you’ll translate research insights into production-ready features and publish security findings that reinforce Rublon’s position as a trusted leader in enterprise identity protection.

How You’ll Work
• Location – Remote or from our offices in Kraków or Zielona Góra in Poland
• Assessment Targets & Tooling – Windows 10/11, Windows Server, Active Directory & Entra ID (Azure AD), Kerberos, NTLM, WebAuthn / FIDO2 passkeys, Linux servers; offensive-security toolset including BloodHound, Mimikatz, Impacket, Metasploit, Responder, Nmap, and custom PowerShell/Python scripts.
• Team – work closely with security researchers/analysts and a project manager who coordinate priorities and share findings in weekly threat-hunting syncs.
• Language – communicate in Polish or English, whichever is most comfortable for you and your teammates.
• Hardware & Lab Access – modern laptop plus isolated virtual test environments and security keys (TPM-enabled devices, FIDO2 keys) for hands-on research.
• Self-development – company-funded online courses and certification vouchers to keep your offensive-security skills sharp.
• Employee Benefits – private medical care package, MultiSport card, and flexible working hours to support a healthy work–life balance.

What You’ll Do
As an Information Security Analyst on the Rublon team you will help develop software for modern user authentication:
• Research next-generation MFA technologies: Investigate Windows / Windows Server, Active Directory (on-prem & Azure AD), and emerging passwordless standards such as WebAuthn / FIDO2 passkeys, identifying secure integration paths and potential attack surfaces.
• Deep-dive into authentication protocols: Analyze Kerberos, NTLM, OAuth 2.0, and SAML flows to uncover weaknesses, propose hardening strategies, and validate cryptographic soundness.
• Explore hardware-backed security options: Prototype the use of TPM 2.0, security keys (U2F / FIDO2), biometrics, and Bluetooth LE proximity for frictionless, phishing-resistant login experiences.
• Document and communicate findings: Produce clear, risk-ranked reports with reproduction steps, proof-of-concepts, and actionable remediation guidance tailored for product engineering and customer success teams.
• Track emerging threats and bypass techniques: Create internal advisories and threat-model updates that inform roadmap and defensive controls.
• Support incident simulation and response: Lead red-team scenarios and post-test debriefs, helping stakeholders understand impact and prioritize fixes.

Skills You Have
• Foundational penetration-testing experience on Microsoft platforms – you’ve performed security assessments of Windows 10/11 or Windows Server environments and can use common tools (e.g., Nmap, Responder, BloodHound) to spot basic misconfigurations.
• Good understanding of authentication concepts – you know how MFA, Kerberos, and NTLM work at a high level and can explain typical attack paths such as pass-the-hash or credential relays.
• Working knowledge of Active Directory security – you can review group-policy and privilege assignments, map trust relationships, and identify exposures that weaken MFA deployments.
• Familiarity with modern MFA standards – you’ve read specifications or lab-tested solutions that use WebAuthn / FIDO2 passkeys, smartcards, or one-time codes, and understand their basic threat models.
• Comfort with scripting and PoC creation – you can write small PowerShell or Python snippets to automate reconnaissance, parse logs, or demonstrate a finding.
• Clear written and verbal communication – you translate technical findings into concise, well-structured reports and enjoy explaining risk and remediation steps to engineers and non-technical stakeholders.
• Continuous learner mindset – you track new CVEs, read security blogs, and are eager to dig into fresh attack techniques or defensive best practices.
• Team-oriented approach – you collaborate well in remote, cross-functional groups, ask questions when stuck, and give constructive feedback during peer reviews and debriefs.

Nice To Haves
• Hands-on experience testing or administering Azure AD / Entra ID environments.
• Practical exposure to hardware-backed factors (TPM, YubiKey, or Bluetooth LE proximity) in authentication flows.
• Familiarity with red-team frameworks (e.g., MITRE ATT&CK) and basic threat-modeling methodologies.
• Industry certifications such as CompTIA Security+, eJPT, OSCP, or CRTP – proof of commitment to offensive-security skills.
• Previous participation in security communities (CTFs, local meet-ups, or published blog posts/papers).

Why Apply
• Work on mission-critical security challenges – your findings will directly shape Rublon’s next-generation MFA products and protect millions of users from account takeover.
• Learn from and with high-performing peers – collaborate daily with experienced penetration testers, cryptographers, and software engineers who enjoy sharing knowledge and sharpening each other’s skills.
• Impact without bureaucracy – small, expert teams ship improvements quickly; your recommendations move from report to remediation in weeks, not quarters.

Steps After You Apply
• You’ll be invited to an online meeting with our recruiter
• Afterwards, we’ll ask you to do a small assignment, which will then be discussed with one of our technical leads
• If everything goes well, we will make you an offer and invite you to a final interview