Astec

Agile Software Development

Contact us

Join Rublon to work with a team of cybersecurity enthusiasts who are building the future of enterprise user authentication. Rublon is a multi-factor authentication platform used by hundreds of customers across the globe to protect employee logins to networks, servers and applications. Rublon is a service of Adips, a member of Astec Group.

Astec Group provides IT consulting, custom software development and cloud services. We have helped market leaders to unlock their potential by delivering digital innovation in the automotive, energy and telecom sectors since 1993. Astec teams are hired to advise clients on innovation and to design, build, maintain and support compliant enterprise software solutions.

We are looking for a long-term employee who will support us in the following project:

R&D on Multi-Factor Authentication Security

Rublon’s research & development activities on Multi-Factor Authentication security will enable us to develop new solutions for passwordless multi-factor authentication. Your responsibilities will include conducting in-depth threat-modelling and cryptographic analysis of Rublon’s authentication flows, prototyping and validating next-generation passwordless methods such as WebAuthn/FIDO2 passkeys, and continuously monitoring emerging attack vectors to keep our MFA stack one step ahead of attackers. Working hand-in-hand with product and engineering teams, you’ll translate research insights into production-ready features and publish security findings that reinforce Rublon’s position as a trusted leader in enterprise identity protection.

How You’ll Work

  • Location – Remote or from our offices in Krakow, Zielona Gora
  • Assessment Targets & Tooling – Windows 10/11, Windows Server, Active Directory & Entra ID (Azure AD), Kerberos, NTLM, WebAuthn / FIDO2 passkeys, Linux servers; offensive-security toolset including BloodHound, Mimikatz, Impacket, Metasploit, Responder, Nmap, and custom PowerShell/Python scripts.
  • Team – work closely with security researchers/analysts and a project manager who coordinate priorities and share findings in weekly threat-hunting syncs.
  • Language – communicate in Polish or English, whichever is most comfortable for you and your teammates.
  • Hardware & Lab Access – modern laptop plus isolated virtual test environments and security keys (TPM-enabled devices, FIDO2 keys) for hands-on research.
  • Self-development – company-funded online courses and certification vouchers to keep your offensive-security skills sharp.
  • Employee Benefits – private medical care package, MultiSport card, and flexible working hours to support a healthy work–life balance.

What You’ll Do

As an Information Security Analyst on the Rublon team you will help develop software for modern user authentication:

  • Research next-generation MFA technologies: Investigate Windows / Windows Server, Active Directory (on-prem & Azure AD), and emerging passwordless standards such as WebAuthn / FIDO2 passkeys, identifying secure integration paths and potential attack surfaces.
  • Deep-dive into authentication protocols: Analyze Kerberos, NTLM, OAuth 2.0, and SAML flows to uncover weaknesses, propose hardening strategies, and validate cryptographic soundness.
  • Explore hardware-backed security options: Prototype the use of TPM 2.0, security keys (U2F / FIDO2), biometrics, and Bluetooth LE proximity for frictionless, phishing-resistant login experiences.
  • Document and communicate findings: Produce clear, risk-ranked reports with reproduction steps, proof-of-concepts, and actionable remediation guidance tailored for product engineering and customer success teams.
  • Track emerging threats and bypass techniques: Create internal advisories and threat-model updates that inform roadmap and defensive controls.
  • Support incident simulation and response: Lead red-team scenarios and post-test debriefs, helping stakeholders understand impact and prioritize fixes.

Skills You Have

  • Foundational penetration-testing experience on Microsoft platforms – you’ve performed security assessments of Windows 10/11 or Windows Server environments and can use common tools (e.g., Nmap, Responder, BloodHound) to spot basic mis­configurations.
  • Good understanding of authentication concepts – you know how MFA, Kerberos, and NTLM work at a high level and can explain typical attack paths such as pass-the-hash or credential relays.
  • Working knowledge of Active Directory security – you can review group-policy and privilege assignments, map trust relationships, and identify exposures that weaken MFA deployments.
  • Familiarity with modern MFA standards – you’ve read specifications or lab-tested solutions that use WebAuthn / FIDO2 passkeys, smartcards, or one-time codes, and understand their basic threat models.
  • Comfort with scripting and PoC creation – you can write small PowerShell or Python snippets to automate reconnaissance, parsing logs, or demonstrating a finding.
  • Clear written and verbal communication – you translate technical findings into concise, well-structured reports and enjoy explaining risk and remediation steps to engineers and non-technical stakeholders.
  • Continuous learner mindset – you track new CVEs, read security blogs, and are eager to dig into fresh attack techniques or defensive best practices.
  • Team-oriented approach – you collaborate well in remote, cross-functional groups, ask questions when stuck, and give constructive feedback during peer reviews and debriefs.

Nice To Haves

  • Hands-on experience testing or administering Azure AD / Entra ID environments.
  • Practical exposure to hardware-backed factors (TPM, YubiKey, or Bluetooth LE proximity) in authentication flows.
  • Familiarity with red-team frameworks (e.g., MITRE ATT&CK) and basic threat-modeling methodologies.
  • Industry certifications such as CompTIA Security+, eJPT, OSCP, or CRTP—proof of commitment to offensive-security skills.
  • Previous participation in security communities (CTFs, local meet-ups, or published blog posts/papers).

Why Apply

  • Work on mission-critical security challenges – your findings will directly shape Rublon’s next-generation MFA products and protect millions of users from account takeover.
  • Learn from and with high-performing peers – collaborate daily with experienced penetration testers, cryptographers, and software engineers who enjoy sharing knowledge and sharpening each other’s skills.
  • Impact without bureaucracy – small, expert teams ship improvements quickly; your recommendations move from report to remediation in weeks, not quarters.

Steps After You Apply

  1. You’ll be invited to an online meeting with our recruiter
  2. Afterwards, we’ll ask you to do a small assignment, which will then be discussed with one of our technical leads
  3. If everything goes well, we will make you an offer and invite you to a final interview