Join our team of dedicated professionals working tirelessly to create the most vulnerable banking application possible.
Why Work at VulnBank?
We offer a unique opportunity to work on cutting-edge security challenges every single day. Our commitment to insecurity means you'll never face a boring day of "secure coding." We're not just breaking things—we're leaving them broken in creative ways.
Job Security
With zero rate limiting, no input validation, and intentional vulnerabilities, our job security is guaranteed. We'll always need developers to "maintain" our unique security posture.
Learning Opportunities
Every bug report is a learning opportunity! Our users generously find vulnerabilities we didn't even know we had. It's like having a free penetration testing team.
Work-Life Balance
We don't believe in on-call rotations because our incidents are permanent. Once a vulnerability is deployed, it stays deployed. No patches means no page notifications at 3 AM.
Open Source Culture
Our source code is basically open source anyway. Anyone who can enumerate our directories can read it. We embrace transparency through negligence.
Open Positions
Security Engineer
Engineering
We're looking for someone to own our security strategy. The ideal candidate will not ask questions like "why is the admin panel at /sup3r_s3cr3t_admin" or "can we please hash the passwords." This role is mostly ceremonial.
Responsibilities:
Write blog posts about how "security is a journey"
Nod thoughtfully during code reviews when someone suggests encrypting data
Occasionally update the "last breached" timestamp on our homepage
Explain to management why we can't fix the XSS that allows users to steal other users' JWT tokens
Requirements:
Must believe that "security through obscurity" is a valid strategy
Ability to say "we'll fix it in v2" with a straight face
Comfortable explaining to customers why their passwords appear in breach databases
Backend Developer
Engineering
Join our team of hardworking developers building the future of vulnerable banking. We practice "agile" development in the truest sense—we pivot quickly when someone discovers our credentials table.
Responsibilities:
Write SQL queries directly from user input—it's faster, and what could go wrong?
Implement new features without testing, because our users will test them for us
Avoid using security linters that flag "intentional vulnerabilities"
Respond to GitHub issues with "works on my machine"
Requirements:
Experience with string concatenation in SQL queries
Familiarity with storing secrets in environment variables (and then committing them)
Ability to implement authentication without reading any documentation on the subject
Must think JWT stands for "Just Trust Us"
DevOps Engineer
Infrastructure
Our infrastructure is as secure as our application, which is to say: not very. We're seeking someone to maintain our delicate balance of "it works" and "it's catastrophically broken."
Responsibilities:
Deploy code to production without testing it first
Ensure our servers remain accessible to everyone, including unauthorized users
Set up monitoring that we will ignore
Occasionally restart the server when memory usage hits 100% due to an infinite loop we can't find
Requirements:
Experience with servers that have been compromised multiple times
Familiarity with the phrase "we'll add authentication later"
Comfortable debugging production issues while users are actively exploiting them
Customer Support Specialist
Support
You'll be the first line of defense when customers notice their balance has changed unexpectedly. This role requires patience, empathy, and a willingness to say "we're looking into it" indefinitely.
Responsibilities:
Help users recover accounts after someone guessed their password
Explain that unauthorized transactions are "features"
Respond to emails asking why our app appears on hacking forums
Forward vulnerability reports to /dev/null
Requirements:
Ability to say "your security is important to us" without laughing
Experience writing emails that don't admit fault
Knowledge of copypaste templates for "we take your privacy seriously"
Must not have a background in security (it would only be frustrating)
How to Apply
Email your resume to [email protected]. Please include a cover letter explaining which vulnerability you're most excited to exploit. Bonus points if you submit your application via SQL injection in our contact form—shows initiative!