Sr. Offensive Security Engineer

About The Position

Requirements

• 6+ years of professional experience in offensive security (penetration testing, red teaming), dedicated technical incident response, or a closely related field.
• Demonstrated experience executing the full IR lifecycle (e.g., NIST SP 800-61 or SANS frameworks) and managing critical security breaches under high-pressure conditions.
• Strong capability in parsing complex log data, analyzing system telemetry, and leveraging forensics techniques to track adversarial movement across a network.
• Advanced hands-on experience exploiting and securing modern cloud infrastructure , containerized environments (Docker/Kubernetes), and complex IAM policies.
• Deep technical expertise in web application and API security, including a masterful understanding of the OWASP Top 10 and complex business logic flaws.
• Decent programming proficiency in Python, Go, or Bash for developing custom exploitation tools, automating proofs-of-concept, and parsing security logs.
• A proven track record of finding critical vulnerabilities (via bug bounties, VDPs, or professional engagements) paired with the analytical, defensive mindset required to hunt threats and isolate incidents.

Responsibilities

• Execute full-scope adversary emulations against any valuable objectives across SPAN's cloud environments , proprietary web/mobile applications, APIs, and corporate IT infrastructure.
• Lead Technical Incident Response operations during live security events, leveraging your understanding of attacker TTPs to direct rapid containment, threat eradication, and system recovery.
• Provide a crucial feedback loop to our Cloud Infrastructure and Software Engineering teams by translating offensive findings into proactive detection rules and actionable hardening requirements.
• Own the end-to-end VDP pipeline, serving as the primary internal owner for our public vulnerability disclosure channel, managing communications with external researchers, and validating incoming reports.
• Build automated scripts and tools to streamline continuous internal security testing, vulnerability scanning, and VDP triage workflows
• Utilize frameworks like MITRE ATT&CK to design and execute red team scenarios that rigorously test the organization’s live detection capabilities, defense evasion thresholds, and IR readiness.
• Develop and maintain Incident Response playbooks and runbooks to standardize our technical response to cloud, application, and infrastructure breaches.
• Conduct root-cause analysis and digital forensics post-incident to reconstruct attacker timelines, identify Indicators of Compromise (IoCs), and perform comprehensive post-incident reviews.

Benefits

• Competitive compensation + equity grants at a well-funded, venture-backed company
• Comprehensive benefits: 100% employee premiums for base plans on medical, dental, vision with options for additional coverage.
• Parental leave up to twenty four (24) weeks depending on eligibility
• Comfortable, sunny office space located near BART and Caltrain public transit
• Strong focus on team building and company culture: Employee Resource Groups, monthly social events, SPANcakes recognition breakfast, lunch, and learns
• Flexible hours, one holiday per month, and flexible time off