Offensive Security Engineer

📋 Description

• Conduct penetration testing on applications throughout our technology stack, uncovering vulnerabilities in APIs, mobile applications (Android/iOS), and infrastructure ahead of potential attackers.

• Strategically plan and implement realistic attack simulations, including phishing with custom domains, social engineering tactics, lateral movement, and privilege escalation. Assess genuine organizational resilience rather than mere compliance with standards.

• Develop security platforms, scanning pipelines, and automation processes that enhance the effectiveness of the team.

• Create and construct LLM-powered agents that can detect, classify, triage, and rectify vulnerabilities in real-time.

⛳️ Requirements

• In-depth understanding of common vulnerabilities, exploitation methods, and secure coding practices. You possess the ability to identify bugs directly in source code, not solely through a proxy.

• Proven experience in web application and API penetration testing. Mobile penetration testing (Android/iOS) is considered a significant advantage.

• You engage in coding on a daily basis. Proficiency in Typescript, Go, or similar languages is required, with an emphasis on developing tools and services that others can depend on, not just scripts.

• Knowledge of cloud infrastructure security (GCP/AWS/Azure), Kubernetes, and service mesh concepts is essential.

• Familiarity with CI/CD pipelines and the integration of security checks within them.

• Experience utilizing LLMs or AI agents for security-related tasks.

• Strong communication and collaboration abilities to effectively partner with engineering teams.

🏝️ Benefits

• Competitive salary and performance-based bonuses.

• Flexible work hours and remote work options.

• Opportunities for professional development and continuous learning.

• Comprehensive health benefits and wellness programs.