Staff Offensive Security Engineer

About The Position

Requirements

• 5+ years of hands-on experience in security research, penetration testing, or adversarial security engineering.
• Deep understanding of various operating systems, identity systems, and network protocols, with demonstrated experience identifying and exploiting weaknesses in complex enterprise or mission-critical infrastructure.
• Proficiency in one or more programming languages (e.g., Python, Golang, Rust, C/C++).
• Experience with security research tools and frameworks (e.g., Kali Linux, Burp Suite, Metasploit, etc.).
• Experience assessing and exploiting AWS environments and cloud-native architectures.
• Demonstrated ability to apply AI or machine learning concepts to augment red team capabilities in complex systems.

Nice To Haves

• Advanced technical certifications such as OSCP, OSEP, CRTO, CPTS, or equivalent demonstrable offensive security expertise.
• Experience designing agentic security automation or applied AI to enhance adversary simulation.
• Prior experience conducting offensive security assessments against space, aerospace, satellite, avionics, or other safety-critical systems.
• Working knowledge of compliance frameworks such as NIST 800-171, CMMC 2.0, DFARS 252.204-7012, ITAR, and EAR, and the ability to operate effectively within regulated environments.
• Experience building or maturing offensive security capabilities within a fast-paced startup or high-growth environment.

Responsibilities

• Stand up and scale Vast’s red team capability from inception, defining strategy, engagement models, tradecraft, and operational processes while executing adversary emulation across mission and corporate environments.
• Lead security research and assess the cyber resilience of Vast’s systems, applications, and mission-critical products, identifying systemic risks before adversaries do.
• Architect and develop advanced adversary simulation tooling and methodologies to challenge security architecture, design decisions, and implementation controls.
• Partner closely with engineering, infrastructure, and security teams to drive remediation, influence secure design decisions, and strengthen long-term defensive maturity.

Benefits

• 100% medical, dental, and vision coverage for employees and dependents, generous paid time off; up to 20+ days of vacation for exempt staff and up to 10+ days of vacation for non-exempt staff with the ability to cash-out unused vacation annually, paid parental leave, short and long-term disability insurance, life insurance, access to a 401(k) retirement plan, ClassPass credits, personalized mental healthcare through Spring Health, and other discounts and perks.
• We also take pride in offering exceptional food perks, with snacks, drip coffee & onsite barista, cold drinks, and dinner meals remaining free of charge, and lunch subsidized as part of Vast’s ongoing commitment to providing high-quality meals for employees.