Offensive Security Engineer

About The Position

Requirements

• Bachelor's degree in Cyber Security, Computer or Software Engineering, Computer Science, Security Engineering, Information Management, Information Science, or a related technical field preferred OR equivalent experience
• One or more of the following certifications - (required) Offensive Security Certification: OSCP, OSEP, or OSWE Global Information Assurance Certification (GIAC): GXPN
• 5-10+ years of Offensive Security and Cloud Security experience
• Demonstrated experience conducting network, web application, API, and cloud penetration tests across complex enterprise environments
• Expert knowledge of OWASP Top 10 (including API)
• Experience with OWASP Top 10 (LLM)
• Experience in Cloud Vulnerability management, configuration, and validation using various tools across multi-cloud environments
• Cloud-related certification in either AWS or GCP
• Proficiency using both the AWS Management Console and the AWS Command Line Interface (CLI)
• Experience mentoring junior personnel in offensive security practices
• Expert with offensive security and vulnerability scanning tools and reporting
• Expert with vulnerability management scoring methodologies
• Strong hands-on expertise in developing proof-of-concept (PoC) exploits to validate real-world impact of discovered vulnerabilities
• Expert knowledge of offensive security tools and frameworks (e.g., Burp Suite, ASVS, SANs top 25, Metasploit, BloodHound)
• Proficiency in manual exploitation techniques, including authentication bypasses, privilege escalation, and lateral movement
• Experience assessing and exploiting modern cloud and containerized environments (e.g., AWS, Azure, GCP, Kubernetes)
• Solid understanding of secure coding flaws and vulnerability types (OWASP Top 10, business logic flaws, memory corruption)
• Ability to write custom scripts or tooling in languages such as Python, Bash, or Go to support testing and exploitation
• Subject Matter Specialist or Expert at validating detection and response capabilities through adversary emulation or purple team exercises
• Proven ability to produce clear, actionable reports that translate technical findings for engineering teams, and into business risk and remediation guidance

Nice To Haves

• GIAC - GCAD, GRTP, GPEN, GWAPT, or GCPN

Responsibilities

• Cloud, Application, and API Security Testing Perform authorized application security pentest on web apps, APIs, cloud infrastructure, and microservices.
• Identify common classes of vulnerabilities (e.g., authentication/authorization weaknesses, logic flaws, input validation issues).
• Validate findings and provide actionable guidance to engineering teams.
• Conduct and contribute to threat modeling and design reviews.
• Maintain the internal pentest framework and update it based on industry standards where applicable.
• Cloud & Platform Security Assessments Work with Cloud/DevOps engineers to secure CI/CD pipelines.
• Work with containerized workloads and serverless components.
• Vulnerability Discovery & Research Obtain a strong understanding of the company’s products and architecture to discover high-impact weaknesses.
• Research emerging attacks/exploits and techniques relevant to multi-cloud, SaaS, or microservice architectures.
• Internal Red Team / Purple Team Activities Scope and engineer red team exercises with defined flags, goals, and safety boundaries.
• Partner with defensive teams during purple team engagements to improve detection and response Collaboration & Remediation Support Provide engineering teams with reproduction steps, risk context, and prescriptive remediation options (i.e., remediation written from a developer's point of view (POV))
• Participate in security design discussions and architecture reviews.
• Security Automation & Tooling Assist in automation of safe, controlled security testing (e.g., integrating SAST/DAST tooling, security checks within CI/CD).
• Develop scripts or utilities to support secure testing workflows (not exploit tools).
• Implement and test emergent exploit tooling to support ongoing changes in the threat landscape.
• Compliance & Documentation Maintain documentation for vulnerability assessments/pentest, retesting, and mitigation tracking in ITSM tooling.
• Support SOC 2, ISO 27001, and customer security questionnaires by providing validated security test evidence and providing technical POV’s when necessary.

Benefits

• People: Work with talented, collaborative, and friendly people who love what they do.
• Fun: We host in-person and virtual events such as game nights, happy hours, camping trips, and sports leagues.
• Work/Life Harmony: Flexible paid time off, paid holidays, options for working from home, and paid parental leave.
• Comprehensive Benefits Package: LiveRamp offers a comprehensive benefits package designed to help you be your best self in your personal and professional lives. Our benefits package offers medical, dental, vision, life and disability, an employee assistance program, voluntary benefits as well as perks programs for your healthy lifestyle, career growth and more.
• Savings: Our 401K matching plan—1:1 match up to 6% of salary—helps you plan ahead. Also Employee Stock Purchase Plan - 15% discount off purchase price of LiveRamp stock (U.S. LiveRampers)
• RampRemote: A comprehensive office equipment and ergonomics program—we provide you with equipment and tools to be your most productive self, no matter where you're located