Senior Offensive Security Engineer - SAST, DAST, SCA, IAST

Astra North Infoteck Inc. · Toronto, Ontario · Posted 1mo ago · via Talent.com

Job Description

Certified Senior Offensive Security Engineer - SAST, DAST, SCA, IAST

Role Overview: You will bring deep offensive security expertise to the agentic AI vulnerability program. You will determine what is truly exploitable, identify how vulnerabilities chain into real attacks, and validate that AI-generated fixes close the actual root cause—not just suppress scanner alerts.

Your offensive analysis, exploit chain reasoning, and false positive judgment will be channeled into AI agents through prompts, evaluation criteria, and workflows that scale your expertise across the bank.

You will work alongside the vulnerability management team and AI capability suppliers, contributing the deep offensive perspective the program needs.

What You Will Do:

• Lead exploitability assessment and false positive analysis across SAST, DAST, SCA, IAST, container, and infrastructure findings

• Translate analysis into reusable AI agent prompts and skills

• Identify exploit chains across vulnerability classes and encode reasoning into agent workflows

• Validate AI-generated fixes and ensure they close exploitable conditions

• Develop offensive prompts, attack scenarios, and evaluation criteria for AI agents

• Translate offensive insights into prioritization signals and remediation guidance via AI-driven workflows

Top 3 Required Skills:

- Offensive security, hands-on exploit development, red teaming, penetration testing

- Hands-on experience in SAST / DAST / SCA / IAST

- Coding in Java, Python, C# or Go

Must-Have Requirements:

• 10+ years in offensive security with hands-on exploit development and red teaming

• One or more certifications: OSCP, OSCE, OSEP, OSWE, GXPN, GWAPT

• Ability to identify and validate exploit chains across vulnerability classes

• Deep understanding of vulnerability types (memory safety, injection, auth flaws, deserialization, race conditions, supply chain attacks)

• Strong code reading ability in at least 3 programming languages

• Hands-on experience with application security testing tools (SAST, DAST, SCA, IAST) and false positive analysis

Nice-to-Have:

• CVEs, conference talks (DEF CON, Black Hat, OffensiveCon, Recon)

• CTF achievements or bug bounty experience

• Software engineering experience in production systems

• Defensive security engineering exposure

• Familiarity with LLMs / agentic AI in security

• CI/CD & container security (Docker, Kubernetes, GitHub Actions, Jenkins)

Requirements

60-70

first seen 2026-05-07 20:24:01 · last verified 2026-06-06 00:24:01

pentestcareers.com // breach the job market