Microsoft Ventures has led a $21.25 million investment round in Synack, a cybersecurity startup that pays hackers to hunt for bugs in customers’ software.
Also joining in the round—the Redwood City, Calif.-based firm’s “Series C’—were Hewlett Packard Enterprise (HPE) and Singaporean telecom company Singtel’s venture arm, Innov8.
Synack operates sort of like an Uber for penetration testers, facilitating private bug bounty programs for high-end customers. The company manages a remote network of vetted hackers for hire that perform controlled “red team” operations, discovering and reporting weaknesses in client’s digital defenses.
Get Data Sheet, Fortune’s technology newsletter
“The only way we’re going to beat the Russians attacking us is to leverage the Russians in this methodology,” said Jay Kaplan, CEO of Synack and a former counterterrorism operative at the National Security Agency, half-jokingly on a phone call. Kaplan co-founded the firm with Mark Kuhr, Synack’s tech chief and another NSA alum, in 2013.
Like rival bug bounty startups HackerOne and BugCrowd, Synack uses crowdsourced researchers from around the globe to give defenders an edge against attackers. The firm also sells vulnerability-scanning software called Hydra to help organizations find chinks in their systems.
Among Synack’s customers are the Defense Department and the IRS, although Kaplan notes that the federal government has limited participation in its programs to people hailing from allied nations only.
With the new investment round, Synack aims to expand internationally in Europe and the Asia Pacific region. “We see it as a great go-to-market opportunity as we continue expanding our customer base,” Kaplan said.
“The strong industry support for Synack is a great signal that we’re making meaningful progress in the global cybersecurity battle,” added Kim Faris, GV general partner, in an emailed statement.
Nagraj Kashyap, corporate vice president at Microsoft Ventures, said in an emailed statement: “It is definitely one to watch.”