Finance of America Companies - posted 4 months ago
$85,300 - $142,100/Yr
Full-time • Mid Level
Conshohocken, PA
501-1,000 employees
Credit Intermediation and Related Activities

At Finance of America, we help homeowners unlock the joy that comes from realizing the full potential of their retirement. Many people have significant wealth tied up in their homes and want to use it meaningfully in their next chapter. Our unique range of reverse mortgages allows homeowners 55+ to access that wealth while maintaining control over their home and financial future. With options tailored to their unique goals, we provide the financial flexibility they need to move forward with confidence. Finance of America is guided by five values: We are customer obsessed; they are why we exist. We raise the bar. We take extreme ownership. We practice genuine collaboration. And we unleash our excellence. Together we are actualizing our vision to be the most beloved brand for homeowners in their next chapter.

  • Conducts penetration tests and threat simulations across applications, infrastructure, and cloud environments (AWS and Azure).
  • Performs application security reviews, including secure code review and SAST/DAST configuration in CI/CD pipelines.
  • Supports red and purple team exercises, using tactics aligned with the MITRE ATT&CK framework, to measure and improve SOC readiness.
  • Researches and tests emerging threats, vulnerabilities, and exploitation techniques, including those targeting cloud and AI/ML applications.
  • Partners with development, cloud, and SOC teams to communicate risks and recommend practical remediation strategies.
  • Creates or adapts custom offensive tools and scripts to support testing scenarios.
  • Documents and clearly communicates technical findings to both technical and non-technical audiences.
  • Conducts security research and attends trainings, conferences, and capture-the-flag (CTF) events.
  • Performs other duties as assigned.
  • Minimum 3 years of experience in offensive security, penetration testing, or application security.
  • Proficiency in web application security testing (e.g., OWASP Top 10, business logic flaws, authentication/authorization bypasses).
  • Familiarity with cloud security testing in AWS (IAM, S3, EC2, Lambda, etc.); exposure to Azure strongly preferred.
  • Knowledge of AI/ML application security testing, including risks such as prompt injection, data poisoning, and model extraction preferred.
  • Scripting proficiency in Python (preferred), PowerShell, or Bash.
  • Strong understanding of operating systems (Linux, Windows, macOS) and networking protocols.
  • Experience with CI/CD pipeline security integration (e.g., Azure DevOps, GitHub Actions).
  • Exposure to adversary simulation tooling (e.g., C2 frameworks like Cobalt Strike, Sliver, Mythic).
  • Familiarity with the MITRE ATT&CK framework and its application to offensive testing.
  • Certifications such as OSCP, OSWE, OSEP, GXPN, or CRTO preferred.
  • Prior experience collaborating with SOC and IR teams in purple team exercises.
  • Strong written and verbal communication skills, with the ability to explain technical findings clearly to developers, engineers, and non-technical stakeholders.
  • Ability to exercise judgment when policies or precedents are incomplete or not well-defined.
  • Self-motivated, driven, and passionate about cybersecurity, with a continuous learning mindset.
  • Health insurance
  • Dental insurance
  • Vision insurance
  • Life insurance
  • Paid time-off benefits
  • Flexible spending account
  • 401(k) with employer match
  • Employee Stock Purchase Plan (ESPP)