Senior Offensive Security Engineer III

Job Description

Responsibilities

• Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services.

• Identify and validate vulnerabilities including injection flaws, access control issues, authentication/authorization weaknesses, SSRF, deserialization, and logic bugs.

• Evaluate LLM-based systems and AI agents for prompt injection, data exfiltration, model abuse and jailbreaks

• Design and execute red team–style engagements simulating real-world adversaries.

• Develop custom exploitation tools, PoCs, and fuzzers for web and AI attack surfaces.

• Identify systemic security weaknesses and collaborate with engineering teams to drive long-term mitigations.

• Review architectures and designs for new products with an attacker mindset.

• Produce clear, actionable security reports and present findings to technical and executive stakeholders.

Minimum Qualifications

• Master’s degree in Computer Science, Computer Engineering, Information Security, or a closely related technical field.

• Doctorate (PhD) in a relevant field is a plus but not required.

• 5+ years of experience in offensive security, penetration testing, or red teaming.

• Deep expertise in web application security.

• Strong understanding of API security.

• Hands-on experience testing AI/ML or LLM-based systems, or strong motivation with demonstrated research in this area.

• Proficiency in at least one scripting or programming language (Python, Go, JavaScript, or similar).

• Strong knowledge of common exploitation techniques and attacker tooling.

Preferred Qualifications

• Prior work on adversarial ML, red-teaming AI systems, or secure LLM pipeline design.

• Experience with cloud security (AWS, Google Cloud Platform, Azure) and containerized environments.

• Background in security research, published CVEs, CTF experience, blog posts, or conference talks.

• OSCP, OSEP, OSWE, CRTO, or similar.

Master’s degree in Computer Science, Computer Engineering, Information Security, or a closely related technical field.

What We Look For

• An attacker-first mindset with strong engineering discipline.

• Ability to go beyond scanners and find novel, high-impact vulnerabilities.

• Clear communicator who can translate complex exploits into actionable fixes.

• Curiosity about emerging threats, especially in AI security.

• Ownership mentality and comfort operating in ambiguous problem spaces.