Private equity funds have long been one of the most attractive investment opportunities, outperforming public market benchmarks, like the S&P 500. But these funds have also been difficult or impossible to access, especially for individuals. Onerous paperwork, high investment minimums (~€10m) and difficulty picking a fund have all been hurdles that kept individuals out. Access has always been dominated by institutions or a select few. Enter Moonfare.
Moonfare is revolutionising access to private equity using a fully digital platform that provides qualified investors access to selectively vetted top-performing funds within 15 minutes and at minimums as low as €50,000. Moonfare provides investors with innovative reporting and the potential to trade their stakes in funds using our Secondary Market. We are introducing never before seen transparency and liquidity to private equity, and with our ongoing expansion across key markets in Europe and Asia, we are enabling investors around the world to reach further.
The Moonfare team brings together individuals with a wealth of different backgrounds, from leading investment and private banks and private equity fund managers to disruptive tech startups, leading newspapers and top law firms. Moonfarians strive to keep growing and want to challenge the status quo while working as a team to deliver innovative solutions and the Moonfare vision.
Senior Security Engineer (Berlin / Lisbon / Portugal)
As Senior Security Engineer (Offensive Security), you will work within the Moonfare Security team to protect our application, data, cloud infrastructure, network and workstations. You will own the off-sec operations including penetration testing of our web application, and cloud infra. & network. As a senior member of the team, you will have high autonomy in your day-to-day work and you will be the owner of our vulnerability management program as well as the bug bounty program, helping the organization to test & improve its security controls. You will work closely with development and other tech teams to prioritize security issues and facilitate them with fixes, as well as with the Detection team to prioritize defence for high-severity threats.
- Continuously pentest Moonfare's web application and services
- Perform triage of vulnerabilities from bug-bounty reports, external pentest reports etc.
- Develop scripts, tools, and methodologies to improve Moonfare's Vulnerability Management Program
- Conduct application security reviews
- Work with Product teams to prioritize and resolve security vulnerabilities in a timely fashion
- Own, manage and improve Bug Bounty and Vulnerability Management Programs at Moonfare
- Define and improve application security standards internally
- Contribute to the Purple team exercises
- Conduct threat modelling exercises with development teams
- Provide security training and outreach to development teams
- Own and reduce the attack surface of Moonfare in collaboration with other security functions
The next Moonfarian:
- Pentest experience ideally in an in-house security team
- Strong experience in persisting, pivoting & privilege escalation in AWS workloads
- Hacker mindset, keen to build Red/Purple Team operations at Moonfare
- Pentesting certifications such as OSCP, OSWE, GWAPT, eWPT & eWPTX and other related certs are a huge plus
- Experience with pentesting APIs & micro-services
- Experience in bug hunting, managing bug bounty & vulnerability disclosure programs
- Experience in web application development in at least one of these languages: PHP, Python, Go, NodeJs
- Knowledge of docker, K8s & AWS security services
- Strong communication skills in English
Invest in yourself:
- Ownership: All team members are empowered to bring ideas, make decisions and have impact. Participate in our equity program and share in our success.
- Transparency: Everyone at Moonfare is regularly updated on strategic progress, KPI tracking, product updates and changes.
- Growth: Not only will you grow in your role, you also have access to an individual growth budget of €1,500 or 2% of base salary (whichever is higher).
- Diversity: Our Diversity Committee ensures we hold ourselves accountable and continuously improve our D&I initiatives.
We understand the important role that diversity plays in our success. Different backgrounds, experiences and ideas push us further and raise the bar. We’re committed to developing an inclusive and safe culture where everyone — regardless of colour, race, religion, sex, origin, sexuality, disability, marital status, citizenship or gender identity — knows that they are an integral part of the team and can bring their full potential to their work.
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided