Junior Security Professional - Penetration Tester

Who Are We?

Decentralized Masters is at the forefront of DeFi education globally. In just two years, we have grown from a pioneering pair of co-founders to over 140 dedicated professionals. Today, we are recognized as one of the fastest-growing enterprises in the sector, with industry insiders predicting our evolution into a unicorn company by 2030. Operating on a bootstrapped model, we are on track to achieve an impressive $50 million in revenue this year alone.

Our Impact

While our growth has been remarkable, we take even greater pride in the success of our clients. To date, we have empowered over 4000 investors to break into the DeFi world. At Decentralized Masters, we don't just offer education; we cultivate a powerhouse of knowledge combined with an engaging community, innovative technology, and a team of leading DeFi and blockchain experts. Our commitment is to deliver unparalleled resources designed for long-term success in the world of DeFi and Web3, ensuring our members not only safeguard but also enhance their financial future.

Our Vision

Our goal is to create the largest and most influential DeFi ecosystem the world has ever seen, starting with becoming the gold standard in DeFi education. This vision is ambitious, transformative, and poised to change the landscape of digital finance.

Are You Ready?

This is more than just a job; it's an opportunity to shape the future of Web3 technology and education. Are you ready to be part of our vision to redefine what's possible in DeFi and beyond? Apply below, and let's explore this journey together.

Check us out here: https://www.decen-masters.com/

What will you be doing?

We're looking for a hungry, junior security professional whose default instinct is to attack first, patch second. This isn't a governance-and-policy desk job. You'll spend your days trying to break into our own systems, finding the cracks before anyone else does, and then relentlessly closing them.

If your idea of a good day is discovering a misconfigured S3 bucket, popping a shell on a test environment, and writing up the fix before lunch read on.

Break things (on purpose):

• Continuously run penetration tests against our web apps, APIs, internal tools, and cloud infrastructure
• Conduct phishing simulations and social engineering tests against our own team
• Perform recon, enumeration, and exploitation attempts on our systems in a controlled, authorized way
• Hunt for vulnerabilities before real attackers do - then document and escalate them
  
  

Harden everything you find:

• Work directly with engineering to remediate vulnerabilities you uncover

Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Tighten cloud security configurations (AWS) - IAM policies, exposed services, secrets management
• Review access controls and flag over-privileged accounts, then drive least-privilege fixes
• Implement and tune monitoring tools (SIEM, IDS/IPS) so we catch anything that slips through
  
  

Keep the lights on:

• Assist with incident detection and response when real events occur
• Help maintain audit logs and ensure we have visibility across our systems
• Support compliance work (GDPR, SOC 2) as it relates to technical controls
  
  

Requirements

What You Will Bring

Must-have:

• 1-2 years of experience in security, pentesting, bug bounty, or a related hands-on role (or equivalent self-taught experience with proof)
• Demonstrable ability to find and exploit common vulnerabilities - OWASP Top 10, misconfigurations, broken access controls
• Basic cloud security knowledge (AWS preferred) - you know what "public S3 bucket" means and why it's bad
• Comfortable using tools like Burp Suite, Nmap, Metasploit, or similar
• Familiarity with MITRE ATT&CK and how to think like a threat actor
• You document your findings clearly - written reports matter as much as the exploit
  
  

  Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

Nice-to-have:

• CTF experience or an active HackTheBox / TryHackMe profile
• Any security certifications: eJPT, CEH, Security+, OSCP (in progress counts)
• Scripting ability in Python or Bash to automate recon or testing
• Interest or background in DeFi, crypto, or Web3 security
• Familiarity with smart contract attack vectors (a big bonus)
  
  

Benefits

What We Offer

• Competitive salary
• Fully remote - work from anywhere
• Unlimited PTO and flexible schedule
• Team off-sites and events
• A genuine mandate to break our stuff and make us stronger for it
  
  

Ready to hack with purpose?

If you've been sharpening your skills on bug bounties, CTFs, or homelab environments and want your first real shot at doing this professionally — we want to hear from you. Show us what you've found, what you've broken, and how you fixed it.