About PDQ
PDQ, founded in Salt Lake City, UT, USA, makes device management simple, secure, and Pretty Damn Quick through our products Deploy, Inventory, Connect, Detect, SimpleMDM and SmartDeploy. IT teams use our products to reduce complexity, improve efficiency, and enhance control in their unique environments. We are backed by TA Associates and Berkshire Partners, top-tier global private equity firms.
PDQ's Core Values: Honesty, Ownership, Collaboration and Improvement
Job Description:
Before you apply, please note:
- This is a fully remote opportunity for candidates residing in Romania.
Help us break things before the bad guys do.
At PDQ, we believe the best way to protect our systems is to know how to break them first. We're hiring a seasoned Offensive Security Engineer to proactively uncover vulnerabilities in our applications, infrastructure, and cloud configurations before adversaries can.
You’ll lead internal penetration testing efforts, simulate realistic attacks, build custom tooling, and work alongside engineering and product teams to eliminate risk at the root. You'll thrive here if you have a nose for flaws and the curiosity to explore systems deeply.
What you'll be doing:
Penetration Testing & Red Teaming
- Conduct internal penetration tests and red team-style adversarial simulations against PDQ’s web applications, APIs, endpoint agents (Windows, macOS, Linux), and GCP cloud infrastructure.
- Lead internal red team or adversary simulation engagements.
- Target authentication (AuthN), authorization (AuthZ), and business logic flows for privilege escalation or misuse.
Secure Architecture & Code Review
- Analyze source code (Elixir, Ruby, Python, C++, Rust, Go) for vulnerabilities, logic bugs, and insecure design patterns.
- Collaborate with engineering during the SDLC to review PRs, define secure coding standards, and ensure “secure-by-default” design principles.
- Support secure-by-default practices across engineering, infrastructure, and product teams.
Tooling & Automation
- Build or extend security tooling for fuzzing, recon, PoC generation, scanning, and attack surface analysis.
- Integrate SAST/DAST tools and fuzzers into CI/CD pipelines for automated security testing.
- Maintain or contribute to internal and open-source offensive security tools or exploit frameworks.
Cloud & Supply Chain Security
- Map and monitor attack surfaces including APIs, IAM policies, service accounts, and cloud assets.
- Identify and test GCP-specific risks such as misconfigured IAM, over-permissive roles, and storage exposures.
- Evaluate third-party libraries and dependencies for supply chain risks and signing integrity issues.
Knowledge Sharing & Reporting
- Document vulnerabilities with repro steps, severity analysis, and developer-focused remediation guidance.
- Clearly communicate technical risk and impact to stakeholders of varying technical backgrounds.
- Share insights via demos, writeups, and internal training to uplift the broader engineering team’s security awareness.
- Collaborate with blue teams and contribute to detection tuning or purple team handoffs when necessary.
We're looking for people who have:
- 5+ years of experience in offensive security, penetration testing, or red teaming in production environments.
- Deep understanding of web app vulnerabilities (OWASP Top 10, SSRF, IDOR, RCE, insecure deserialization, etc.).
- Proven ability to exploit flawed AuthN/AuthZ logic (e.g., token validation bypass, OAuth misconfiguration, RBAC/ABAC abuses).
- Hands-on experience with reverse engineering or analyzing agent-based software (especially in C++, Rust, or Go).
- Proficiency in cloud security assessment, especially within GCP environments (e.g., API abuse, IAM misconfigurations, privilege escalation).
- Experience with manual code review in Elixir, Ruby, or Python.
- Familiarity with security tools such as Burp Suite, ZAP, mitmproxy, Postman, Frida, Ghidra, or custom tooling.
- Track record of responsible disclosure or published CVEs is a strong plus.
Who you are:
- Able to explain risk clearly and respectfully to developers, product managers, and leadership.
- Motivated by curiosity, exploration, and a drive to understand how systems can fail.
- Enjoys mentoring and raising awareness through collaboration and education.
- Comfortable operating in fast-paced, iterative development environments.
PDQ Perks & Benefits:
PDQ offers all of the great perks and benefits you'd expect from working at a very cool tech company, and even some you might not expect, including:
- Supplemental health insurance
- Equity
- PDQ-issued laptop and equipment
PDQ is proud to be an equal opportunity workplace and does not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. If you would like to request reasonable accommodation for a medical condition or disability during any part of the application process, please contact hr@pdq.com.