Offensive Security Engineer, Bengaluru

About Firebolt 

Firebolt is a cloud data warehouse built for the speed, scale, and flexibility required by modern Data & AI applications. By delivering ultra-low latency, high concurrency, and multi-dimensional elasticity, Firebolt enables teams to build data-intensive AI products that perform at scale. Backed by over $270M in funding and led by a world-class engineering team and experienced leadership, Firebolt is redefining AI data infrastructure and helping companies unlock the full potential of their data.

Description:

At Firebolt, security is built into everything we do. As we scale our high-performance cloud data warehouse platform, we’re looking for an exceptional Offensive Security Engineer to join our Security Research team and proactively strengthen our product’s security posture.

You’ll play a critical role in developing advanced offensive tests, simulating real-world attacks, and integrating automated security workflows directly into our CI/CD pipelines. If you’re passionate about pushing the limits of offensive security and applying AI and LLMs to take things further—this is your chance to do just that.

Key Responsibilities:

• Perform comprehensive black-box and gray-box penetration tests on core product components including frontend UI, APIs, client-side drivers, and backend microservices.
• Build and maintain custom API fuzzers to identify logic flaws, crashes, and unexpected behaviors.
• Automate offensive tests and integrate them into CI/CD workflows for continuous validation.
• Apply AI/LLM techniques to enrich attack simulations, expand test coverage, and develop novel vectors.
• Document findings clearly with actionable countermeasures; collaborate with engineering teams on timely remediation.

• Strong experience with penetration testing of modern web apps and API frameworks (REST, gRPC, etc.).
• Deep understanding of browser security, client-side attacks, and mitigation strategies.
• Proficiency in Python or Golang with the ability to build robust offensive tooling.
• Experience with CI/CD pipeline security integrations.
• Familiarity with fuzzers (e.g., ffuf) and offensive tools like Burp Suite, OWASP ZAP.
• Practical exposure to at least one major cloud environment (AWS, GCP, Azure).
• Bonus: Experience using LLMs for offensive security tasks or research.

The pay range listed below reflects the base salary for this role. This position is not eligible for a commission plan; base pay represents the full on-target earnings (OTE). The role is eligible to participate in our stock option program.

As part of our compensation philosophy, total compensation is tailored to each candidate and influenced by factors such as job-related skills, level of experience, relevant certifications, and geographic location.

• Base Salary Range: ₹45 LPA – ₹55 LPA
• Commission Plan: Not applicable; base salary represents 100% of total on-target earnings (OTE)
• Equity: Incentive Stock Options (ISOs), subject to a four-year vesting schedule with a one-year cliff

The actual compensation package will be determined based on the candidate’s qualifications, experience, and geographic location and may vary within the stated range.

Local Benefits (India)

• 15 vacation days
• 12 paid holidays per year
• 12 sick days
• Medical insurance
• Bereavement, Parental, and Marriage Leave
• Stock options
• All other benefits required by applicable law

Benefits are subject to eligibility requirements and are updated on an annual basis.