Security Engineer

About the Role
Are you an offensive-minded Security Engineer who loves thinking like an attacker to protect complex systems? We are looking for a technical expert to lead our internal penetration testing efforts and vulnerability research. While you’ll work closely with the SRE team, your primary mission is to proactively hunt for weaknesses across our applications, cloud infrastructure, and APIs. You won't just find bugs; you’ll be the strategic lead in proving how they can be exploited and ensuring they are eradicated before production.

Responsibilities

• Lead Internal Penetration Testing: Perform deep-dive manual and automated penetration tests on web applications, mobile apps, and microservices.
• Adversarial Emulation: Design and execute red-team scenarios to test the organization’s detection and response capabilities.
• Vulnerability Management & Exploitation: Beyond scanning, you will validate and exploit findings to demonstrate real-world risk and prioritize remediation for engineering teams.
• Secure Architecture Review: Conduct threat modeling and architectural "stress tests" to identify logic flaws in new features before a single line of code is deployed.
• Automated Offensive Tooling: Develop custom scripts and integrate offensive security tools (DAST, IAST) into the CI/CD pipeline to catch "low-hanging fruit" automatically.
• Remediation Advocacy: Partner with developers to provide "exploit-to-fix" guidance, ensuring they understand the how and why behind security patches.
• Incident Support: Act as a subject matter expert during security incidents to help analyze attack vectors and post-mortem findings.
  

ualifications

• 3+ years of specialized experience in Penetration Testing, Offensive Security, or Application Security.
• Expert-level proficiency with the "Hacker’s Toolkit": Burp Suite Professional, Metasploit, Nmap, SQLmap, and various proxy tools.
• Good Scripting Skills: Ability to write custom exploits or automation scripts in Python, Go, or Bash.
• Cloud & Container Expertise: Proven experience attacking/auditing Kubernetes environments, and containerized workloads.
• Deep Web Knowledge: Thorough understanding of OWASP Top 10, SANS Top 25, and common business logic vulnerabilities.
• CI/CD Familiarity: Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI).
  Bonus Points
• Certification in penetration testing (e.g., OSCP, CEH, GPEN, Pentest+).
  Experience with Google Cloud platforms.

What We Offer

• The opportunity to work on cutting-edge technology and make a real impact on our organization's security posture.
• A collaborative and supportive work environment with a strong focus on learning and development.
• Hybrid working environment.
• Competitive compensation and benefits package.
• The chance to be part of a team that is passionate about security and innovation.

If you're a Security Engineer with the skills and passion to take our security to the next level, we encourage you to apply!