Senior Offensive Security Engineer – Detection & Adversary Research

About The Position

Requirements

• Candidates often bring experience from offensive security, adversarial R&D, red teaming, exploit research, or offensive tooling development. A strong engineering mindset and curiosity about how attackers think tend to be excellent signals for success.
• Proficiency with scripting languages like Python, PowerShell, or Bash; familiarity with C/C++ for PoCs or bypass tools.
• Experience researching evasions, testing detection boundaries, or probing SIEM/EDR/cloud detection systems.
• Understanding exploit behavior, OS internals, telemetry sources, and attacker tradecraft.
• Knowledge of MITRE ATT&CK and common offensive frameworks, with the ability to adapt tooling when needed.
• Clear communication when collaborating with defenders such as SOC analysts, detection engineers, or incident responders.
• A creative and inquisitive approach to security problems—and an interest in helping defenders win!

Nice To Haves

• Experience writing or contributing to detections for SIEM, EDR, cloud environments, or related platforms.
• Understanding of the Elastic Security Solution, Elastic’s prebuilt rules, Elastic query languages, or the Elastic Common Schema.
• Experience developing offensive testing frameworks, telemetry generators, or automated detection QA pipelines.
• Contributions to open-source security tools, research publications, technical blog posts, or conference talks.
• Knowledge of RE tools like Ghidra or IDA (useful occasionally, but not a core part of the job).

Responsibilities

• Partnering with detection engineers and researchers to validate logic, challenge assumptions, and uncover evasions.
• Running targeted adversarial tests to explore realistic attacker behaviors and improve detection coverage.
• Creating internal tooling that generates telemetry, mimics attacker techniques, or automates validation workflows.
• Analyzing exploit behavior, payload mechanics, and attacker tradecraft, occasionally using lightweight reverse engineering when it directly supports detection work.
• Identifying telemetry gaps or weak signals and collaborating with engineering teams to improve visibility.
• Contributing to purple-team style initiatives by translating offensive findings into durable, production-ready detections.
• Sharing research and insights through Elastic Security Labs, blogs, workshops, or community engagements.
• Keeping up with attacker trends, tools, and evasion techniques to help guide our detection roadmap.

Benefits

• Competitive pay based on the work you do here and not your previous salary
• Health coverage for you and your family in many locations
• Ability to craft your calendar with flexible locations and schedules for many roles
• Generous number of vacation days each year
• Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service
• Up to 40 hours each year to use toward volunteer projects you love
• Embracing parenthood with minimum of 16 weeks of parental leave