Satisfying enough. Corporate red team at a big tech company, so I spend most days hacking first-party / internally developed software at said big tech company - usually developing exploits / PoC for novel vulnerabilities. But also sometimes longer engagements, including physical / SE at times. My favorite so far has been a long engagement where my team surreptitiously embedded ourselves into a build pipeline for a major tech product that goes out to 40m+ consumers, and added an innocuous flag to the source at build time as proof, starting from a physical break-in scenario without using our badges to enter the building.
The worst part of the job by far is drafting and editing reports. This sometimes goes on for several days.
I like it primarily because I get all the excitement of being a nation-state level adversary / threat actor / "bad guy", with none of the legal/moral/ethical risks/harms - my work ultimately contributes towards making our products (and thus our consumers) safer from such threats.
The worst part of the job by far is drafting and editing reports. This sometimes goes on for several days.
I like it primarily because I get all the excitement of being a nation-state level adversary / threat actor / "bad guy", with none of the legal/moral/ethical risks/harms - my work ultimately contributes towards making our products (and thus our consumers) safer from such threats.