Security Research Engineer

About The Position

Requirements

• 5+ years of experience in offensive security, pentesting, red teaming, or vulnerability research
• Strong programming skills in multiple languages (Python, Go, JavaScript, C/C++)
• Deep, hands-on understanding of modern vulnerability classes across web, cloud, and infrastructure
• Proven track record of running pentest engagements end-to-end and delivering findings to customers
• Excellent customer-facing communication skills — comfortable presenting to both engineers and executives
• Experience contributing to or maintaining open source security tooling
• Bachelor's degree in Computer Science, Cybersecurity, or related field, or equivalent experience

Nice To Haves

• Experience with AI/LLM-assisted offensive security or building security automation on top of LLMs
• Prior Forward Deployed Engineer, solutions engineering, or consulting experience at a security or developer tools company
• Security certifications (OSCP, OSCE, OSWE, GXPN, or equivalent)
• Public security research, CVEs, conference talks, or notable open source contributions
• Experience with cloud security (AWS, GCP, Azure) and containerized environments
• Familiarity with compliance frameworks (SOC 2, ISO 27001, PCI DSS) as they relate to pentesting

Responsibilities

• Run end-to-end pentest engagements for customers using Apex, our open source offensive security tool
• Curate, triage, and contextualize findings for customer audiences ranging from engineers to executives
• Deliver clear, prioritized write-ups and walk customers through results, exploitation paths, and remediation
• Set up and configure the Pensar platform inside customer environments, including integrations and workflows
• Act as a trusted technical partner for customers throughout onboarding, engagements, and ongoing usage
• Travel to customer sites as needed for kickoffs, readouts, and on-site testing
• Conduct original offensive security research across web, cloud, infrastructure, and AI/LLM attack surfaces
• Develop new exploitation techniques, payloads, and tooling that extend Apex's capabilities
• Build automated testing methodologies for emerging vulnerability classes and attacker tradecraft
• Track the evolving threat landscape and translate it into concrete detections and capabilities
• Lead vulnerability research across high-impact open source projects and ecosystems
• Verify findings, build proof-of-concept exploits, and coordinate responsible disclosure with maintainers
• Contribute patches, advisories, and tooling back to the open source community
• Grow Pensar's reputation in the security research community through publications, talks, and contributions
• Translate firsthand engagement experience into concrete recommendations for the product roadmap
• Partner with engineering and product on capabilities, UX, and automation that make pentesting faster and more reliable
• Participate in architecture and design reviews with a focus on the pentester's workflow
• Help shape Apex's direction as an open source project alongside the internal platform

Benefits

• Comprehensive health, dental, and vision insurance
• Direct ownership of customer engagements and offensive research at an early-stage security company
• Professional development budget for conferences, training, and certifications
• Support for publishing research and presenting at industry conferences
• Direct, visible impact on both our open source tooling and commercial platform