Company: TryHackMe
Location: remote
Closing Date: 19/06/2026
Hours: Full Time
Type: Permanent
Job Description:
- Work directly with the AI agent system, run it against targets, understand where it performs well and where it falls short, and provide structured feedback to improve coverage and accuracy
- Validate, reproduce, and escalate findings, writing clear and reliable proof-of-concepts that demonstrate real-world exploitability
- Coordinate disclosures across OSS projects and bug bounty platforms, managing timelines and communication effectively
- Contribute to public security research and technical content that is relevant and valuable to the security community
- Research emerging vulnerability classes and attack techniques, and translate those insights into improvements in how the system tests
- Build and maintain custom tooling where needed, including automation scripts, payload lists, and testing harnesses tailored to specific targets
Requirements:
- 3-5+ years of professional offensive security experience in penetration testing, bug bounty, or red teaming
- Strong understanding of web application vulnerabilities such as SQLi, XSS, SSRF, IDOR, SSTI, business logic flaws, authentication bypasses, and their real-world nuances
- Comfortable reading and writing code in Python, Bash, and JavaScript, with the ability to build custom tooling when needed
- Experience with public disclosures or CVEs
- Clear and effective written communication, with the ability to explain complex findings to both engineers and security teams
- Experience working with bug bounty platforms and responsible disclosure processes
- Ability to go beyond automated tools and reason about systems, attack paths, and edge cases
Benefits:
- Competitive salary
- Fully remote - work from anywhere with a global team
- High trust and autonomy from day one