Be part of Fluid Attacks

Carefully read each section below and make sure you understand it. Do not skip any sections.

Careers

Are you interested in becoming part of our team? If so, please carefully read each section below and make sure you understand it. Do not skip any sections.

If you have any questions about any item, do not hesitate to email us at [email protected]

Before starting the selection process, it is important that you know the following:

1. Who we are?

At Fluid Attacks, we specialize in red team operations as well as technology development that continuously enhances our security testing services. We provide speed, precision and scalability to hacking projects which identify all vulnerabilities in our clients' systems.

If you still don't know who we are and what we do, please read our About us section.

2. What are we looking for?

We are looking for people who are passionate about what they do. We don't really care what you studied or what you know, but what you can learn and how disciplined, ethical and responsible you are.

3. Openings

The goal of this stage is for you to understand the roles you can have in Fluid Attacks.

  • Ethical Hacker / Pentester: We need people with a developer profile, who like to program, and are interested in Information Security for pentesting.

    You must have a basic knowledge and understanding of networks, IT infrastructure and be able to work effectively as part of a team.

    Previous work experience is not needed. You do not need to have a university degree. You must be available full-time, but scheduling is negotiable if you are a student.

  • Software Developer:

    1. Security scanners for vulnerability detection (SCA, SAST, DAST, RE etc).

    2. Data pipelines that extract data to later be analyzed with Big Data techniques.

    3. We control the product roadmap and we decide what will be incorporated into our products.

    4. We hate excessive planning and useless meetings, we believe in the power of programming and that code speaks for you, not handbooks or documentation.

    5. We love python with duck typing as a central development tool, our frontend is built in typescript and react, using only stateless components.

    6. We do not say that we are DevOps, we live DevOps by having more than 70 daily deployments to production.

    7. All the infrastructure is as it is in Terraform, deployed in AWS and with a Kubernetes cluster which is the heart of our operation and that allows us to have high availability systems.

    8. All problems are treated as software problems, following SRE principles

  • IT Support Assistant: This is an intern position for systems and software areas. You must have experience in the use of office solutions.

  • IT Project Manager: You must have a university degree, basic technical knowledge, understanding of information security, and some relevant experience in networks and IT infrastructure. PMP (Project Management Professional) certification is a plus, but not mandatory in order to apply for this position.

4. Reasons to Work With Us

  • Hackers that develop their own tools: When we have projects, we hack applications or corporate networks. When we do not have projects, we develop our own software tools. This is why we are looking for hackers that are passionate about programming. Our favorite technologies are Linux, Git, Python, Docker, Ansible, and Amazon Web Services. It does not matter if you have not yet mastered these tools. With Fluid Attacks, what matters is your capacity to self-teach and learn new skills to address challenges we face on a daily basis, the discipline with which you face challenges, the honesty to say what needs to be said, and the ability to listen and communicate in a manner that fosters respectful and equal collaboration with other team members.

    Do you want to take part in the most challenging selection process there is? A selection process where no matter the result, you will learn more than with any other company? If so, then we invite you to participate and see for yourself that with Fluid Attacks it is better to do then to know. Our selection process is guided using Git, provides feedback through continuous integration and allows you to improve your world ranking in programming and hacking, as well as your GitLab profile. You don’t need to have graduated, nor be enrolled in a college or university, nor have any specific work experience. The only thing that matters is that you show us you can learn, on your own, at an expected rate.

  • Short projects and high rotations: This allows you to constantly become familiar with new organizations, different problems, different methods, and to broaden your knowledge.

  • Continuous improvement based on International Standards: Fluid Attacks was the first company in Colombia to obtain an ISO/IEC 27001 (Information Security) certification at the same time as we obtained the ISO 9001 certificate. Also, our continuous improvement process uses the ISO/IEC 17025 and Common Criteria standards as a reference for all security tests.

  • Work with industry leaders: Fluid Attacks provides information security services to some of the biggest organizations in Colombia. This means that there will always be challenging projects in which you can participate. To know our clients, enter here.

  • Great talent working together: Our most valuable asset is our people and we are proud of our amazing team. In fact, it is a very young team with an average age of 25. We believe our talented team makes Fluid Attacks a competitive place to work and, at the same time, a great place to learn and develop your skills. The first three Debian developers in Colombia work with Fluid Attacks. Compared to other companies, Fluid Attacks has the highest percentage of employees certified in CEH and OSWP. The majority of the team members of the Latin American Security Wargames Championship work with us. Additionally, our employees have important certifications such as CEH, OSCP, CompTIA, eCPTXv2, CARTP, CRT, GPEN, GXPN.

  • Maintaining contact in academia: To us, it is very important to maintain close relationships in academia. This is why some of our employees teach or have taught courses and lectures at different universities, covering topics such as:

    1. Information Security.

    2. Secure Development Lifecycle.

    3. Programming.

    4. Networks.

    5. Operating Systems.

    6. Distributed Systems.

5. The Selection Process

It is important that you know that the duration of the selection process is 90% in your hands due it is totally online.

Below follow the step by step to apply.

  • Apply: The goal of this stage is that you send us your CV and your expectations. This is mandatory and requires an estimated effort of 5 to 10 minutes, depending on your profile. Before doing this, you must first complete the previous stage. To begin, click the following link.

  • History: The goal of this stage is to register your previous work experience. This is optional If you have no previous experience and requires an estimated effort of 3 to 5 minutes per job prior to this one. Before doing this, you must first complete the previous stage.

  • Evaluations: The goal of this stage is to assess your skills and abilities in different areas. This is mandatory and requires an estimated effort of 2 to 3 hours, depending on your knowledge, with an average time of 1 minute to answer each question. Before doing this, you must first complete the previous stage.

  • Challenges: On some occasions, challenges will be assigned to be able to evaluate some technical activities.

    The realization of the challenges depends 100% on you since they are totally virtual.

  • Interview: The goal of this stage is to show your interest and desire to be a part of Fluid Attacks through a video interview. It requires an estimated effort of 45 to 60 minutes. Our interviews are conducted by video call.

  • Security process: At this stage of the process, we verify and perform:

    1. References: The goal of this stage is to validate the references from your previous jobs. This is mandatory and requires an estimated effort of 15 to 25 minutes. The referral step also includes a home visit and requires an estimated effort of 1 hour.

    2. Polygraph: Our company is focused on information security and for this reason we may require you to take a polygraph test during the selection process. This step is mandatory and requires an average effort of 2 hours.

  • Offer: If you reach this stage in the process, we will send you a job offer via email detailing the terms and conditions of the offer we have for you. If you have any doubts, you must state them in the same email thread.

  • Hiring: Once we come to an agreement regarding the offer, we will email you with a list of documents you must provide to complete this stage.

Finally, we will notify you with the results. Although it is a long process, it can be completed in a short amount of time. In some cases, it can take less than 2 weeks.

6. Additional information

At Fluid Attacks, all systems are constantly monitored through automatic time and activity control systems. We do this to:

  • Assure the security of our clients' information.

  • Be objective, precise, and fair in the performance evaluation.

At Fluid Attacks, we follow an ethics code which you can read by clicking here.

Frequently Asked Questions

  • Questions? Please see our FAQ here.
Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.