Offensive Security Engineer

Offensive Security Engineer (freelance)

Sector: Financial Services

Location: Fully remote (within Poland)

Type: B2B Freelance contract

Duration: 6 months (extensions available for 2+ years)

Rate: Market rate (competitive)

What You Will Do

As a Senior Offensive Security Engineer, you will be at the forefront of safeguarding our digital infrastructure and customer data. This position demands a blend of hacking skills, creativity, and a deep understanding of cyber threats. You will simulate sophisticated cyber attacks to identify vulnerabilities, ensuring our resilience against real-world threats. Collaborating with cross-functional teams, you will provide actionable insights to fortify our security posture.

• Conduct white-box and black-box penetration testing against internal and public-facing applications and assets

• Manage, triage, and investigate Bug Bounty submissions and external pentest findings

• Perform variant analysis on issues discovered through all channels

• Research and perform security analyses on our 3rd-party solutions

• Develop tooling to support reconnaissance, automation, and metrics collection

• Provide expert guidance to developers, other product security teams, and the SOC in investigating issues

• Spread awareness of offensive security practices via demos, workshops, and training

• Assess the security of our tech stack through whatever means are best suited

• Define what we focus on to provide the most value

• Help further mature the security program

Who You Are

• Strong experience with penetration testing and other technical security assessments

• Experience identifying security issues in code, particularly within Java and Node.js

• Experience with cloud environments, particularly AWS and modern micro-service design principles

• Comfortable communicating findings clearly and effectively, with concrete remediation recommendations beyond simple issue reporting

• Comfortable scripting and contributing to larger projects in Python

• Able to take the initiative and be comfortable taking on projects that contribute to the larger security culture and posture

• Industry recognized certifications, e.g., OSCP, OSWE, CREST, GIAC, AWS, et. al

• CTF Participation and active contributions to the cybersecurity community