Vim

Penetration Tester

3+ months ago · Tel Aviv, Israel

Vim is Looking For a Penetration Tester!


Vim's mission is to power affordable, high-quality health care through seamless connectivity. We're a technology company that builds digital infrastructure for US health care. Health plans, patients, and medical providers of every size – from independent practitioners to integrated delivery systems – use our software to connect data and care across the health system.

We need an experienced penetration tester to break our apps, find the hidden gems that everyone else missed and raise the bar. Our goal is to have ZERO security bugs in our product. Impossible? Maybe.

Why Vim? We put mission and culture at the front and center of everything we do. We’re a tribe of optimists and we pride ourselves on experimentation, intellectual diligence, and earnest hard work. We are all owner-operators at Vim, meaning we’re transparent, accountable, and relentlessly focused on results for our customers and our business.  

Specific responsibilities will include: 

  • Conduct manual security assessments against web and desktop applications and APIs 

  • Assess the risks of new initiatives and features

  • Evaluate and test exploitation paths for open source libraries 

  • Assess security risks for application design and architecture

  • Perform threat modeling of new product features.

  • Present findings and work closely with development teams to ensure products are developed in line with our security standards.

You should be:

  • Highly independent: you take ownership of challenges and you thrive in ambiguity; you carefully research and recommend solutions and drive execution autonomously

  • Interpersonal skills: you’re a great communicator, generally a people person, and you thrive in a fast-paced team environment with high-performance standards

  • Ability to work under pressure and deliver fast 

  • Flexible perspective: you can see the big picture while staying detail-oriented; you can zoom in and out with ease

  • Can-do attitude: you bring a strong desire and drive to tackle complex problems

You should bring:
Must have: 

  • At least 3 years of expertise in hands-on web application pen testing

  • Knowledge of OWASP

  • Knowledge of application architecture (web & desktop)

  • Experience with threat modeling

  • Excellent interpersonal communication skills

  • Bright, creative, highly motivated with high self-learning skills

Nice to have:

  • Offensive Security Certifications such as OSCP, AWAE, OSCE

  • Knowledge of DevOps and DevSecOps practices (including CI/CD security controls)

  • Experience in application development with at least one modern programming language.

  • Experience with performing code reviews

  • Experience with assessment of containerized environments (Docker, Kubernetes).

  • Experience with static code analysis tools and fuzzing tools.

  • Experience with CTFs and/or bug bounties

More about Vim: Our R&D team and HQ are located in Tel Aviv. Our customer-facing US team is mostly remote, with concentrations in San Francisco and a brand new New York City office, meaning our culture is an international one and we collaborate closely across time zones. Our incredible customers and investors include leaders in the healthcare industry as well as familiar VCs.

Vim is a place where team members thrive and grow. We’re a progressive and inclusive meritocracy. Bring your unique background and experience, and join us in the journey. 

Job ID: 2226972