
Ethical Hacker/Pentester
Rublon
Hexjobs Insights
Rublon seeks an Ethical Hacker/Pentester for R&D in multi-factor authentication, focusing on security analysis and development of next-gen solutions.
Benefits
- private medical care package
- MultiSport card
- flexible working hours
- company-funded online courses
- certification vouchers
Join Rublon to work with a team of cybersecurity enthusiasts who are building the future of enterprise user authentication. Rublon is a multi-factor authentication platform used by hundreds of customers across the globe to protect employee logins to networks, servers and applications.

We are looking for a long-term employee who will support us in the following area:

R&D on Multi-Factor Authentication Security

Rublon’s research & development activities on Multi-Factor Authentication security will enable us to develop new solutions for passwordless multi-factor authentication. Your responsibilities will include conducting in-depth threat-modelling and cryptographic analysis of Rublon’s authentication flows, prototyping and validating next-generation passwordless methods such as WebAuthn/FIDO2 passkeys, and continuously monitoring emerging attack vectors to keep our MFA stack one step ahead of attackers. Working hand-in-hand with product and engineering teams, you’ll translate research insights into production-ready features and publish security findings that reinforce Rublon’s position as a trusted leader in enterprise identity protection.

How You’ll Work
- Location – Remote or from our offices in Kraków or Zielona Góra in Poland
- Assessment Targets & Tooling – Windows 10/11, Windows Server, Active Directory & Entra ID (Azure AD), Kerberos, NTLM, WebAuthn / FIDO2 passkeys, Linux servers; offensive-security toolset including BloodHound, Mimikatz, Impacket, Metasploit, Responder, Nmap, and custom PowerShell/Python scripts.
- Team – work closely with security researchers/analysts and a project manager who coordinate priorities and share findings in weekly threat-hunting syncs.
- Language – communicate in Polish or English, whichever is most comfortable for you and your teammates.
- Hardware & Lab Access – modern laptop plus isolated virtual test environments and security keys (TPM-enabled devices, FIDO2 keys) for hands-on research.
- Self-development – company-funded online courses and certification vouchers to keep your offensive-security skills sharp.
- Employee Benefits – private medical care package, MultiSport card, and flexible working hours to support a healthy work–life balance.

What You’ll Do
As an Information Security Analyst on the Rublon team you will help develop software for modern user authentication:
- Research next-generation MFA technologies: Investigate Windows / Windows Server, Active Directory (on-prem & Azure AD), and emerging passwordless standards such as WebAuthn / FIDO2 passkeys, identifying secure integration paths and potential attack surfaces.
- Deep-dive into authentication protocols: Analyze Kerberos, NTLM, OAuth 2.0, and SAML flows to uncover weaknesses, propose hardening strategies, and validate cryptographic soundness.
- Explore hardware-backed security options: Prototype the use of TPM 2.0, security keys (U2F / FIDO2), biometrics, and Bluetooth LE proximity for frictionless, phishing-resistant login experiences.
- Document and communicate findings: Produce clear, risk-ranked reports with reproduction steps, proof-of-concepts, and actionable remediation guidance tailored for product engineering and customer success teams.
- Track emerging threats and bypass techniques: Create internal advisories and threat-model updates that inform roadmap and defensive controls.
- Support incident simulation and response: Lead red-team scenarios and post-test debriefs, helping stakeholders understand impact and prioritize fixes.

Skills You Have
- Foundational penetration-testing experience on Microsoft platforms – you’ve performed security assessments of Windows 10/11 or Windows Server environments and can use common tools (e.g., Nmap, Responder, BloodHound) to spot basic misconfigurations.
- Good understanding of authentication concepts – you know how MFA, Kerberos, and NTLM work at a high level and can explain typical attack paths such as pass-the-hash or credential relays.
- Working knowledge of Active Directory security – you can review group-policy and privilege assignments, map trust relationships, and identify exposures that weaken MFA deployments.
- Familiarity with modern MFA standards – you’ve read specifications or lab-tested solutions that use WebAuthn / FIDO2 passkeys, smartcards, or one-time codes, and understand their basic threat models.
- Comfort with scripting and PoC creation – you can write small PowerShell or Python snippets to automate reconnaissance, parsing logs, or demonstrating a finding.
- Clear written and verbal communication – you translate technical findings into concise, well-structured reports and enjoy explaining risk and remediation steps to engineers and non-technical stakeholders.
- Continuous learner mindset – you track new CVEs, read security blogs, and are eager to dig into fresh attack techniques or defensive best practices.
- Team-oriented approach – you collaborate well in remote, cross-functional groups, ask questions when stuck, and give constructive feedback during peer reviews and debriefs.

Nice To Haves
- Hands-on experience testing or administering Azure AD / Entra ID environments.
- Practical exposure to hardware-backed factors (TPM, YubiKey, or Bluetooth LE proximity) in authentication flows.
- Familiarity with red-team frameworks (e.g., MITRE ATT&CK) and basic threat-modeling methodologies.
- Industry certifications such as CompTIA Security+, eJPT, OSCP, or CRTP—proof of commitment to offensive-security skills.
- Previous participation in security communities (CTFs, local meet-ups, or published blog posts/papers).

Why Apply
- Work on mission-critical security challenges – your findings will directly shape Rublon’s next-generation MFA products and protect millions of users from account takeover.
- Learn from and with high-performing peers – collaborate daily with experienced penetration testers, cryptographers, and software engineers who enjoy sharing knowledge and sharpening each other’s skills.
- Impact without bureaucracy – small, expert teams ship improvements quickly; your recommendations move from report to remediation in weeks, not quarters.

Steps After You Apply
- You’ll be invited to an online meeting with our recruiter
- Afterwards, we’ll ask you to do a small assignment, which will then be discussed with one of our technical leads
- If everything goes well, we will make you an offer and invite you to a final interview

| Published | 1 day ago |
| Expires | in 10 months |
| Contract type | Permanent employment, B2B |