Senior Offensive Security Engineer

About The Position

Requirements

• 5+ years of experience as an offensive security engineer or equivalent.
• Experience threat modeling (e.g., STRIDE) and mapping adversary techniques (e.g., MITRE ATT&CK).
• Expertise in identifying and exploiting common vulnerabilities (e.g., OWASP Top 10, SANS 25).
• Hands-on experience testing embedded systems, firmware, and device software, including bootloader security, OS hardening, and low-level interface exploitation (e.g., JTAG, UART, SPI/I2C).
• Demonstrated experience with hardware-assisted attack techniques such as fault injection, side-channel analysis, and glitching, using tools like ChipWhisperer, OpenOCD, Ghidra, Binwalk.
• Proficiency in at least one modern language (Go, Python, Java, or TypeScript), applied to building offensive tooling, exploits, or automation.
• Ability to communicate security findings, risk posture, and strategic recommendations to both engineering teams and executive stakeholders.

Nice To Haves

• Experience securing AI products or edge-connected systems at scale.
• Experience building or maturing an offensive security practice within a product-focused organization.
• Experience validating technical controls to meet compliance standards such as SOC 2, ISO 27001, or PCI DSS.
• Experience formalizing secure-by-design standards across diverse environments, including applications, cloud services, and device software, translating principles into enforceable controls and engineering patterns.
• Security research background with demonstrated findings, CVE disclosures, or public contributions to the offensive security community.
• Track record of driving cross-functional security outcomes without direct authority, including aligning engineering and product roadmaps to offensive findings.

Responsibilities

• Lead penetration tests and security assessments for product and feature releases.
• Conduct continuous security engagements, proactively identifying vulnerabilities and driving remediation to closure.
• Advise engineering and product teams on remediation strategy, validating fixes and tracking measurable improvements to security posture over time.
• Assess attack surfaces across internet-facing services, APIs, and device interfaces (Wi-Fi, BLE, USB).
• Perform threat modeling and security architecture reviews that directly shape product decisions.
• Define and lead end-to-end risk reduction initiatives with internal and external stakeholders, aligning offensive findings to strategic security investments.
• Shape the offensive security roadmap, defining assessment scope, tooling, and methodology standards.

Benefits

• Health insurance
• Dental insurance
• Vision insurance
• Long term/short term disability insurance
• Employee assistance program
• Flexible spending account
• Life insurance
• Generous time off policies, including; 4-12 weeks fully paid parental leave based on tenure
• 11 paid holidays
• Additional flexible paid vacation and sick leave