Our Mission and Vision
At Solidgate, our mission is clear: to empower outstanding entrepreneurs to build exceptional internet companies. We exist to fuel the builders — the ones shaping the digital economy — with the financial infrastructure they deserve. To achieve that, we’re on a bold path: to become the #1 payments orchestration platform in the world.
We believe the future of payments is shaped by people who think big, take ownership, and bring curiosity and drive to everything they do. That’s exactly the kind of teammates we want on board.
We’re building the #1 payment orchestrator in the world — and the names behind us prove it. Clients include Bolt, Ajax, Nova Post, MEGOGO. Trusted by giants like J.P. Morgan. Ranked #2 in the “Employer of the Year 2026” award by Forbes Ukraine.
Why This Role Is Critical
The platform processes millions of payments across 120+ services — 70+ of which touch cardholder data directly — and the attack surface grows with every new integration. This role exists to run continuous adversary emulation against that surface: finding real attack paths before attackers do, and making sure the blue team can detect and stop them. It’s offensive security with a clear mission, not a checkbox exercise.
Explore our technology stack ➡️ here.
What You Will Own
Plan and execute full-scope red team operations across external perimeter, web/API, AWS infrastructure, corporate identity providers, and human attack vectors (phishing, social engineering)
Build and run external testing programs — structured pentests and a bug bounty program with defined scope, rules of engagement, and triage process
Run purple team cycles with the SOC: exercise specific techniques together, assess detection coverage, and hand off concrete recommendations for improving detection use cases
Deliver risk-ranked reports with realistic impact analysis — written for both engineers and management — and track findings through remediation to revalidation
Develop custom offensive tooling and automate repeatable test scenarios so coverage scales without bottlenecking on manual effort
Validate that security controls actually work in the environment where they’re deployed, not just in theory
Our Ideal Candidate
4+ years in offensive security, penetration testing, or red team operations — with real engagements in production environments, not just labs or CTFs
Hands-on red team / adversary emulation experience mapped to MITRE ATT&CK — end-to-end operations, not automated scanning
Web and API exploitation beyond automated tools: manual techniques, OWASP Top 10 at the exploitation level
Cloud attack experience, primarily AWS: IAM abuse, privilege escalation, misconfiguration exploitation, CI/CD pipeline attacks
Scripting and tool development in Python, Go, or Bash/PowerShell for custom scenarios and automation
Strong written reporting: you can explain an attack path and its business impact to a CISO and to an engineer, in the same document
High operational discipline: OPSEC, ethics, and rules of engagement in environments with sensitive financial data
The Points That Make You Stand Out
Purple teaming experience and enough detection knowledge to translate an attack into a detection use case for the SOC
Secure code review and exploit development for specific scenarios rather than generic vulnerability classes
Familiarity with payment domain specifics: card processing flows, PCI DSS scope, SWIFT
Contributions to open-source offensive tooling, published research, or CVEs
Why This Role Is a Career Accelerator
You’ll own the offensive security direction at Solidgate from scratch — adversary emulation program, tooling, bug bounty, and purple team cadence are yours to define
The attack surface is genuinely complex: AWS-native infrastructure, 120+ microservices, a proprietary acquiring module, and regulated payment data flows
Your findings directly change architecture decisions and engineering practices — not just a backlog of low-
