We are seeking a highly skilled and self-motivated Principal Offensive Security Researcher to join our dynamic team. In this role, you will be at the forefront of our security efforts, conducting comprehensive penetration testing and research across a wide range of modern technologies. You will have the unique opportunity to test and secure our cutting-edge security products, including DSPM, Identity, CSPM, CDR, and API security solutions. This is a senior, high-impact position for an all-around expert who thrives on technical challenges and is passionate about pushing the boundaries of offensive security.
Your Impact:
Lead and execute sophisticated penetration testing engagements across diverse environments, including web applications, cloud infrastructure (AWS, etc.), Kubernetes, containers, and source code
Pioneer and develop innovative tools, techniques, and methodologies to simulate advanced adversaries and enhance our testing capabilities
Collaborate closely with product and engineering teams to provide deep technical insights, identify vulnerabilities, and strengthen the security posture of our core products
Conduct in-depth research on emerging threats and vulnerabilities, translating your findings into actionable intelligence and improved security controls
Create, deliver, and present clear, detailed, and actionable reports and findings to both technical and executive stakeholders
Serve as a subject matter expert and mentor to other team members, fostering a culture of continuous learning and technical excellence
Drive End-to-End Evaluation: Take ownership of creating and executing the end-to-end security evaluation and testing strategy for our core solutions
Influence the Roadmap: Your research and findings will directly influence the security roadmap and feature development of our products
Demonstrated real-world experience in offensive security, evidenced by a portfolio of public research, tool development, or conference presentations.
Your Impact:
Lead and execute sophisticated penetration testing engagements across diverse environments, including web applications, cloud infrastructure (AWS, etc.), Kubernetes, containers, and source code
Pioneer and develop innovative tools, techniques, and methodologies to simulate advanced adversaries and enhance our testing capabilities
Collaborate closely with product and engineering teams to provide deep technical insights, identify vulnerabilities, and strengthen the security posture of our core products
Conduct in-depth research on emerging threats and vulnerabilities, translating your findings into actionable intelligence and improved security controls
Create, deliver, and present clear, detailed, and actionable reports and findings to both technical and executive stakeholders
Serve as a subject matter expert and mentor to other team members, fostering a culture of continuous learning and technical excellence
Drive End-to-End Evaluation: Take ownership of creating and executing the end-to-end security evaluation and testing strategy for our core solutions
Influence the Roadmap: Your research and findings will directly influence the security roadmap and feature development of our products
Demonstrated real-world experience in offensive security, evidenced by a portfolio of public research, tool development, or conference presentations.
Requirements:
Deep technical expertise in multiple of the following areas:
Web Application Security: Thorough understanding of the OWASP Top 10, API security, and modern web technologies
Cloud Security: Proven experience performing penetration tests and security reviews of cloud environments (AWS, GCP, Azure)
Container & Kubernetes Security: In-depth knowledge of containerization technologies (Docker, etc.) and Kubernetes architecture and common misconfigurations
Infrastructure & Network Penetration Testing: Expertise in identifying and exploiting vulnerabilities in internal and external networks
Proficiency with offensive security tools and frameworks (e.g., Burp Suite, Metasploit, Kali Linux, debuggers/disassemblers like IDA Pro or Ghidra)
Strong understanding of the MITRE ATT&CK framework and other security models
Working knowledge of Windows & Linux operating system internals
Exceptional problem-solving skills and the ability to work independently and manage complex projects from start to finish
Excellent communication skills, with the ability to communicate highly technical findings effectively to engineers, peers, and leadership
Programming proficiency is highly desired. Python and Go are preferred, but experience with other languages (C, C++, C#, Java, Ruby) is also valuable
A Bachelors degree in a technical field is a plus, but not required
Industry certifications such as OSCP, OSEP, OSCE, OSEE, or GXPN are highly regarded.
Deep technical expertise in multiple of the following areas:
Web Application Security: Thorough understanding of the OWASP Top 10, API security, and modern web technologies
Cloud Security: Proven experience performing penetration tests and security reviews of cloud environments (AWS, GCP, Azure)
Container & Kubernetes Security: In-depth knowledge of containerization technologies (Docker, etc.) and Kubernetes architecture and common misconfigurations
Infrastructure & Network Penetration Testing: Expertise in identifying and exploiting vulnerabilities in internal and external networks
Proficiency with offensive security tools and frameworks (e.g., Burp Suite, Metasploit, Kali Linux, debuggers/disassemblers like IDA Pro or Ghidra)
Strong understanding of the MITRE ATT&CK framework and other security models
Working knowledge of Windows & Linux operating system internals
Exceptional problem-solving skills and the ability to work independently and manage complex projects from start to finish
Excellent communication skills, with the ability to communicate highly technical findings effectively to engineers, peers, and leadership
Programming proficiency is highly desired. Python and Go are preferred, but experience with other languages (C, C++, C#, Java, Ruby) is also valuable
A Bachelors degree in a technical field is a plus, but not required
Industry certifications such as OSCP, OSEP, OSCE, OSEE, or GXPN are highly regarded.
This position is open to all candidates.
