Offensive Security Engineer

This is a fully remote position, open to applicants anywhere in the world.

📋 Description

• Engage directly with the AI agent system, executing tests against targets to identify strengths and weaknesses, while providing structured feedback to enhance coverage and accuracy.

• Validate, reproduce, and escalate findings by creating clear and reliable proof-of-concepts that showcase real-world exploitability.

• Manage disclosures across open-source software projects and bug bounty platforms, ensuring effective communication and adherence to timelines.

• Contribute to public security research and generate technical content that is both relevant and beneficial to the security community.

• Investigate emerging classes of vulnerabilities and attack methods, and translate these insights into enhancements for the system's testing capabilities.

• Develop and maintain custom tooling as required, including automation scripts, payload lists, and testing harnesses designed for specific targets.

⛳️ Requirements

• 3-5+ years of professional experience in offensive security, including penetration testing, bug bounty, or red teaming.

• In-depth knowledge of web application vulnerabilities such as SQL injection, cross-site scripting, server-side request forgery, insecure direct object references, server-side template injection, business logic flaws, authentication bypasses, and their real-world implications.

• Proficient in reading and writing code in Python, Bash, and JavaScript, with the capability to create custom tooling when required.

• Familiarity with public disclosures or Common Vulnerabilities and Exposures (CVEs).

• Excellent written communication skills, with the ability to articulate complex findings to both engineering and security teams.

• Experience with bug bounty platforms and the responsible disclosure process.

• Capability to think critically beyond automated tools, considering systems, attack paths, and edge cases.

🏝️ Benefits

• Competitive salary

• Fully remote - work from anywhere with a global team

• High trust and autonomy from day one