Your focus is offensive testing of application and enterprise systems.

Responsibilities:

• Perform penetration tests of web apps, APIs, backend services, cloud infrastructure, and corporate networks.
• Conduct threat emulation exercises, red-team scenarios, and targeted attack simulations.
• Assess CI/CD pipelines, IAM configurations, and internal services for exploitable weaknesses.
• Lead offensive security initiatives and serve as the organization's primary expert for AppSec and enterprise pentesting.

Security Research & Adversarial Analysis:

• Track emerging threats, techniques, and vulnerabilities relevant to cloud and enterprise environments.
• Develop custom exploits or proof-of-concepts as needed to validate findings.

Collaboration & Remediation Support:

• Work with development, infra, and IT teams to validate controls and guide effective remediation.
• Provide actionable risk assessments from an attacker's perspective.
• Contribute offensive insights to secure system design guidance.

General Product Security Support (Secondary):

• Assist with code review and threat modeling for software components when offensive insights are needed.

Requirements:

• 5+ years of hands-on offensive security experience (AppSec, cloud, or enterprise penetration testing).
• Demonstrated experience leading complex penetration tests for web apps, APIs, and cloud platforms.
• Strong proficiency in offensive tooling (Burp Suite, Nmap, Metasploit, proxy tools, etc.) and manual testing techniques.
• Familiarity with cloud-native attack vectors (AWS/Azure/GCP).
• Proficiency in at least one scripting or exploitation-oriented language (Python, Go, JavaScript, etc.).
• Strong analytical and problem-solving skills with an attacker's mindset.
• Ability to explain complex technical vulnerabilities to a range of audiences.

XML job scraping automation by YubHub