{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/exploitable-weaknesses"},"x-facet":{"type":"skill","slug":"exploitable-weaknesses","display":"Exploitable Weaknesses","count":1},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_a7844c0c-97b"},"title":"Senior Offensive Security Engineer","description":"<p>As a Senior Offensive Security Engineer, you will lead penetration testing and adversarial simulation efforts targeting our applications, cloud infrastructure, and corporate networks. You will emulate real-world attackers to identify weaknesses across the software and IT stack, and work closely with engineering and IT teams to improve our defenses.</p>\n<p>Your focus is offensive testing of application and enterprise systems.</p>\n<p>Responsibilities:</p>\n<ul>\n<li>Perform penetration tests of web apps, APIs, backend services, cloud infrastructure, and corporate networks.</li>\n<li>Conduct threat emulation exercises, red-team scenarios, and targeted attack simulations.</li>\n<li>Assess CI/CD pipelines, IAM configurations, and internal services for exploitable weaknesses.</li>\n<li>Lead offensive security initiatives and serve as the organization&#39;s primary expert for AppSec and enterprise pentesting.</li>\n</ul>\n<p>Security Research &amp; Adversarial Analysis:</p>\n<ul>\n<li>Track emerging threats, techniques, and vulnerabilities relevant to cloud and enterprise environments.</li>\n<li>Develop custom exploits or proof-of-concepts as needed to validate findings.</li>\n</ul>\n<p>Collaboration &amp; Remediation Support:</p>\n<ul>\n<li>Work with development, infra, and IT teams to validate controls and guide effective remediation.</li>\n<li>Provide actionable risk assessments from an attacker&#39;s perspective.</li>\n<li>Contribute offensive insights to secure system design guidance.</li>\n</ul>\n<p>General Product Security Support (Secondary):</p>\n<ul>\n<li>Assist with code review and threat modeling for software components when offensive insights are needed.</li>\n</ul>\n<p>Requirements:</p>\n<ul>\n<li>5+ years of hands-on offensive security experience (AppSec, cloud, or enterprise penetration testing).</li>\n<li>Demonstrated experience leading complex penetration tests for web apps, APIs, and cloud platforms.</li>\n<li>Strong proficiency in offensive tooling (Burp Suite, Nmap, Metasploit, proxy tools, etc.) and manual testing techniques.</li>\n<li>Familiarity with cloud-native attack vectors (AWS/Azure/GCP).</li>\n<li>Proficiency in at least one scripting or exploitation-oriented language (Python, Go, JavaScript, etc.).</li>\n<li>Strong analytical and problem-solving skills with an attacker&#39;s mindset.</li>\n<li>Ability to explain complex technical vulnerabilities to a range of audiences.</li>\n</ul>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_a7844c0c-97b","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Astranis","sameAs":"https://astranis.com/","logo":"https://logos.yubhub.co/astranis.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/astranis/jobs/4623394006","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$160,000-$230,000 USD","x-skills-required":["offensive security","penetration testing","cloud security","application security","CI/CD pipelines","IAM configurations","internal services","exploitable weaknesses","threat emulation","red-team scenarios","targeted attack simulations","custom exploits","proof-of-concepts","actionable risk assessments","secure system design guidance","code review","threat modeling","software components","offensive tooling","manual testing techniques","cloud-native attack vectors","AWS","Azure","GCP","scripting languages","exploitation-oriented languages","Python","Go","JavaScript"],"x-skills-preferred":[],"datePosted":"2026-04-24T15:20:22.143Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"offensive security, penetration testing, cloud security, application security, CI/CD pipelines, IAM configurations, internal services, exploitable weaknesses, threat emulation, red-team scenarios, targeted attack simulations, custom exploits, proof-of-concepts, actionable risk assessments, secure system design guidance, code review, threat modeling, software components, offensive tooling, manual testing techniques, cloud-native attack vectors, AWS, Azure, GCP, scripting languages, exploitation-oriented languages, Python, Go, JavaScript","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":160000,"maxValue":230000,"unitText":"YEAR"}}}]}