Senior Offensive Product Security Engineer

Job Locations: US-Remote
ID: 2024-3596
Category: IT Operations
Type: Full Time

Overview

As an Offensive Product Security Engineer, you will play a critical role in safeguarding our products by identifying and mitigating security vulnerabilities. You will conduct comprehensive security assessments, including penetration testing, threat modeling, and code reviews, to ensure our products are resilient against potential attacks. Your expertise will help shape our security strategy, enhance our security posture, and protect our customers’ data.

 

Starting base pay for this role is between $140,000 and $175,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states). 

Responsibilities

  • Lead and conduct advanced penetration testing and vulnerability assessments on our products and infrastructure.
  • Lead, develop and deploy realistic attacks to test security defenses.
  • Develop and maintain security documentation, including policies, procedures, and guidelines.
  • Carry out controlled attacks that evade detection and simulate real-world attacks to exploit potential weaknesses.
  • Prepare and deliver technical reports to internal stakeholders.
  • Perform vulnerability assessments, triage, and provide prescriptive remediation for identified vulnerabilities.
  • Assist in incident response and forensic analysis when security incidents occur.
  • Collaborate with development teams to integrate security best practices into the software development lifecycle.
  • Assist in developing and executing threat models to identify potential security risks.
  • Stay current on exploitation and post-exploitation techniques and incorporate them into penetration testing.
  • Other duties as assigned

Qualifications

  • Bachelor’s or master’s degree in computer science, information security, or a related field.
  • 6+ years of experience in information security with a focus on application and cloud security.
  • 4+ years of hands-on experience in offensive security, including exploit development, vulnerability research, and penetration testing.
  • Strong knowledge of penetration testing methodologies and tools (e.g., Metasploit, Burp Suite, Nmap, MITRE).
  • Proficient in performing adversary simulation attacks, with red team experience.
  • Proficient in Active Directory, OSINT, and networking technologies.
  • Proficiency in scripting and programming languages (e.g., Python, Java, C++).
  • Familiarity with cloud security (e.g., AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes).
  • Excellent problem-solving skills and attention to detail.
  • Strong communication and collaboration skills.

Additional Qualifications:

  • Relevant certifications such as OSCP, OSWE, CISSP, GPEN or CEH.
  • Experience with DevSecOps practices and tools.
  • Knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001)
  • Dynamic technical leadership acumen, both cross-functionally and directly supporting highly technical staff in our Product Security function and partner teams such as Development, IT, Compliance, DevOps
  • Project management experience, including direct teams and external partners
  • Excellent verbal and written communication skills
  • Excellent team player

Who We Are

Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem — from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app. 

 

Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais’ event-based architecture enables AI-driven bundling, automation, and real-time deployment. 

 

Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions. 

 

Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.

 

Caution: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with origamirisk.com or talent.icims.com. And to confirm the legitimacy of any recruiting communication, feel free to email transparencycheck@origamirisk.com.

 
 
