Remotery

Red Team Engineer – Offensive Security Lead

Posted 2 days ago

This is a fully remote position, open to applicants in United States.

📋 Description

• Design, develop, and manage an AI-enhanced red teaming harness utilizing cutting-edge LLM APIs.

• Create and implement a control loop architecture (Plan | Act | Observe | Adjust) for both autonomous and semi-autonomous vulnerability assessments.

• Integrate the harness with specialized SBOM tools (Endor Labs), CVE monitoring services (NVD, OSV.dev, EPSS/KEV, GitHub Advisory Database, and vendor-specific advisories), and our CI/CD pipeline (Snyk, SonarQube).

• Perform adversarial testing from four attack perspectives: (Internal source code, External unauthenticated adversary, Internal authenticated user, and Internal unprivileged adversary).

• Link findings to identify exploitable pathways and associated vulnerabilities.

• Validate and prioritize findings using CVSS, EPSS, and KEV context prior to transferring them to the patch management process.

• Assist in the development and daily management of Authentic8's internal Bug Bounty Program.

• Collaborate with engineering teams on tailored mitigation strategies when vendor patches are not available.

• Take responsibility for security stage-gates within our CI/CD pipeline, incorporating Snyk, SonarQube, and findings from the harness into the build workflow.

• Work closely with the SOC Lead on CVE monitoring, alerting, and prioritization workflows for vulnerabilities.

• Collaborate with DevSecOps Engineers on the architecture of the harness and pipeline integration.

• Provide technical insights to the Integrated Operations Center regarding detection use case design for our SIEM.

• Regularly update the VP of Information Security on findings, program status, and checkpoint criteria.


⛳️ Requirements

• 5+ years of experience in cybersecurity, penetration testing, or red team operations.

• Proven experience in tool development: scripting exploits, automating workflows, or building test harnesses (Python and/or Go is highly preferred).

• Practical experience with LLM APIs within a security or agent context, demonstrating an understanding of tool usage, control loops, and context management in agent architectures.

• Strong proficiency in static and dynamic analysis (SAST/DAST) and the ability to interpret and link findings from automated tools.

• Familiarity with CVE and vulnerability data sources, including NVD, EPSS, KEV, OSV.dev, and the GitHub Advisory Database.

• Experience in testing cloud-based SaaS platforms (preferably with knowledge of GCP).

• Basic understanding of container security (containerized, Docker) and Linux-based systems.

• Ability to work autonomously, manage your own tasks, and achieve specified milestones.

• Exceptional documentation and communication skills.

• Must be a US citizen.


🏝️ Benefits

• Medical insurance

• Dental coverage

• Vision insurance

• Flexible paid time off (PTO)

• 401k program

• Stock options

People also viewed

Salesforce1 day ago

Security Practices Director

US flagColorado, +4 more statesFull-timeCybersecurity / Security Engineer$171.2k – $273k/year
ApplyView job
Plurilock1 day ago

Endpoint Security Engineer – Carbon Black, Symantec

US flagNew Jersey OnlyFreelanceCybersecurity / Security Engineer
ApplyView job
Navitas Business Consulting, Inc.1 day ago

Security & Endpoint Engineer

IN flagIndia OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
Foresite Cybersecurity2 days ago

Offensive Security Engineer, Horizon3.ai NodeZero

US flagUnited States OnlyFull-timeCybersecurity / Security Engineer
ApplyView job
MazeJul 5

Security Research Lead

EuropeFull-timeCybersecurity / Security Engineer
ApplyView job
Longbow AdvantageJul 4

Head of Infrastructure, Security

CA flagCanada OnlyFull-timeCybersecurity / Security Engineer
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers