Staff Offensive Security Engineer

You will design and execute stealthy adversarial simulations, red team operations, and penetration tests across applications, infrastructure, networks, offices, and internal processes. You will perform threat modeling for new and existing services, conduct vulnerability research and exploit development, and write tooling to automate and scale offensive assessments. You will partner with detection and response to simulate realistic attacks, evaluate monitoring and incident response readiness, document findings with remediation recommendations, and mentor teammates while sharing knowledge through documentation and presentations.

Responsibilities

• Plan and execute red team operations, adversarial simulations, and penetration tests across applications, infrastructure, networks, offices, and internal processes
• Perform threat modeling for new and existing services and communicate security risks to stakeholders
• Conduct vulnerability research and exploit development using custom tooling and public techniques
• Partner with detection and response to simulate realistic attack scenarios and evaluate monitoring and incident response readiness
• Write and maintain tooling to automate and scale offensive security assessments
• Document findings, recommend remediation strategies, and support teams through fixes
• Mentor teammates and contribute to shared knowledge through documentation and presentations

Requirements

• 8+ years of hands-on experience in red teaming, offensive security, or penetration testing
• Demonstrated experience mentoring or guiding other security engineers
• Strong understanding of threat modeling methodologies and the MITRE ATT&CK framework
• Experience testing modern environments including cloud platforms (AWS, GCP), containerized systems (Docker, Kubernetes), CI pipelines, and identity systems
• Working knowledge of defensive security tools such as IDS/IPS, EDR, packet capture, and network monitoring, including evasion techniques
• Proficiency in Python, Go, or JavaScript for exploit development, tooling, or automation
• Clear written and verbal communication skills and experience collaborating with distributed teams using tools such as Slack, Jira, GitHub, and email

Benefits

• Performance driven compensation with multipliers, bonus programs, and equity ownership
• Supplemental health insurance, ancillary insurance, and mental health support programs
• Lifestyle wallet employer-paid benefits spending account for wellness, childcare, learning, and more
• Company holidays, paid time off, sick time, paid volunteer time off, and parental leave
• Exceptional office experience with catered meals, events, and comfortable workspaces
• Monthly commuter stipend