CrawlJobs Logo

Offensive Security Engineer, Hardware

United States, San Francisco 293000.00 - 490000.00 USD / Year · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization. You'll have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy. This role will be primarily focused on continuously testing our hardware products and related services.

Job Responsibility

  • Collaborate proactively with engineering teams to enhance security and mitigate risks in hardware, firmware, and software
  • Perform comprehensive penetration testing on our diverse suite of products
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling

Requirements

  • 7+ years of hands-on experience or exceptional accomplishments demonstrating equivalent expertise
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities
  • Demonstrated mastery assessing complex technology stacks
  • Proven ability to reverse engineer bootrom images, firmware, or silicon-level components
  • Deep familiarity with low-level kernel operations, secure boot processes, and hardware-software interactions
  • Hands-on experience building and validating secure boot chains and threat models
  • Proficiency with hardware debugging tools (UART, JTAG, SWD, oscilloscopes, logic analyzers)
  • Solid programming skills in C/C++, Python, or assembly for embedded systems
  • Industry experience securing consumer hardware (e.g., mobile devices, IoT, chipsets)
  • Excellent written and verbal communication skills for technical and non-technical audiences
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations
  • Ability to communicate complex technical concepts effectively through compelling storytelling
  • Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases

Nice to have

  • Prior experience working in tech startups or fast-paced technology environments
  • Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure

What we offer

  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Relocation support for eligible employees
  • Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided
  • Offers Equity
  • Performance-related bonus(es) for eligible employees

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Offensive Security Engineer, Hardware

8 matching positions

Security Engineer Iv (Red Team) - Project Based

At ASI, we are revolutionizing industries with state-of-the-art autonomous robot...
Location
Location
United States , Logan
Salary
Salary:
100730.00 - 117519.00 USD / Year
asirobots.com Logo
Autonomous Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Cybersecurity, Electrical Engineering, or a related field
  • 8+ years of experience in penetration testing, red team operations, or offensive security
  • Hands-on experience testing software written in C, C++, and C#
  • Proficiency with offensive security tools such as Metasploit, Burp Suite, or similar frameworks
  • Working knowledge of exploit techniques including memory corruption, privilege escalation, and lateral movement
  • Familiarity with network attack vectors including TLS weaknesses, PKI misconfigurations, and protocol vulnerabilities
  • Scripting experience in Python, Bash, or similar for exploit automation and tooling
  • Familiarity with hardware security primitives such as Secure Boot, TPMs, or HSMs
Job Responsibility
Job Responsibility
  • Plan and execute penetration tests against software, firmware, network, and embedded system targets
  • Conduct red team exercises that simulate adversarial attack scenarios against autonomous platforms
  • Identify and exploit vulnerabilities in C, C++, and C# codebases through targeted security assessments
  • Assess network attack surfaces including TLS implementations, certificate handling, and encrypted protocols
  • Develop detailed findings, exploit chains, and remediation recommendations for engineering teams
  • Operate offensive security tooling including exploit frameworks, SAST, DAST, and fuzzing platforms
  • Validate remediations through re-testing to confirm fixes hold against known attack techniques
  • Support evidence collection and audit preparation for SOC 2 and ISO 27001 assessments
What we offer
What we offer
  • Full Benefits - 90% Medical
  • Generous PTO
  • Quarterly and Yearly Bonus Incentives
  • Fulltime
Read More
Arrow Right

Principal Consultant - Offensive Security

The Principal Consultant on the Offensive Security team is focused on assessing ...
Location
Location
Japan , Tokyo
Salary
Salary:
Not provided
paloaltonetworks.com Logo
Palo Alto Networks
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of professional experience leading Red & Purple team engagements, Advanced Attack Simulations, OSINT research, social engineering techniques, bespoke security assessments and exploit development
  • Experience testing a range of technologies (Active Directory, major OSs, cloud environments, IoT / OT) and using a range of security tools and technologies inc AI-enabled to automate and tailor engagements
  • Demonstrate a deep understanding of how malicious software works (i.e.-malware, trojans, rootkits, etc.)
  • Ability to modify known and/or craft custom exploits manually without dependence on consumer tools such as Metasploit
  • Strong knowledge of tools and techniques used to conduct network, wireless, and web application penetration testing
  • Familiarity with web application penetration testing and code auditing to find security gaps and vulnerabilities
  • Experience with penetration testing, administering, and troubleshooting major flavors of Linux, Windows, and major cloud IaaS, PaaS, and SaaS providers (i.e., AWS, GCP, and Azure)
  • Experience with scripting and editing existing code and programming using one or more of the following - Perl, Python, ruby, bash, C/C++, C#, or Java
  • Experience with security assessment tools, including Nessus, OpenVAS, MobSF Metasploit, Burp Suite Pro, Cobalt Strike, Bloodhound, and Empire
  • Knowledge of application, database, and web server design and implementation
Job Responsibility
Job Responsibility
  • Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools - Red Team experience essential
  • Ability to assist in scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
  • Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients
  • Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
  • Conducts periodic scans of networks to find and detect vulnerabilities
  • Conducts IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing)
  • Conduct threat hunting and/or compromise assessment engagements to identify active or dormant indicators of compromise (IoCs) using Crypsis and Palo Alto Networks’ threat hunting tools (and/or client owned hunting instrumentation where applicable)
  • Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
  • Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
  • Ability to perform travel requirements as needed to meet business demands
  • Fulltime
Read More
Arrow Right

Offensive Cyber Engineer

As an Offensive Cyber Engineer, you’ll dive deep into reverse engineering and vu...
Location
Location
United States , Liberty Township
Salary
Salary:
Not provided
crypticvector.com Logo
Cryptic Vector
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or a related field
  • Strong programming skills in C, Assembly, and Python
  • Extensive experience with reverse engineering tools such as Ghidra, IDA Pro, and Wireshark
  • Proficiency with x86 architecture, or other modern architecture, and Hex editors
  • Ability to interface with hardware, including connecting probes to traces, using logic analyzers, and decoding hardware signals
  • Strong problem-solving skills and the ability to think critically and creatively in analyzing software and hardware components
  • Meticulous attention to detail, especially when dealing with complex codebases and hardware systems
  • Priority will be given to candidates with an active Top Secret (TS) clearance
  • This role requires use of technical data subject to U.S. Government contract restrictions, therefore this posting is only for U.S. Citizens
Job Responsibility
Job Responsibility
  • Reverse Engineering (RE) of software/firmware, Vulnerability Research (VR), exploit development/productization
  • Deconstruct and analyze software/firmware to understand its structure, functionality, and behavior
  • Design/develop post-exploitation effects in software/firmware, which can withstand scrutiny and attack
  • Design/develop secure, reliable, software-based communication solutions
  • Design/develop stealth solutions
  • Employ industry-standard tools such as Ghidra, IDA Pro, Wireshark, and Hex editors (e.g., Hex Workshop) to reverse engineer software components
  • Develop scripts and tools in C, Assembly, Rust, and Python to automate and enhance reverse engineering processes
  • Collaborate with hardware teams to understand and interact with physical devices. This includes connecting probes, using logic analyzers, and decoding signals on hardware
  • Write unit tests, functional tests, and end-to-end tests
  • Prepare detailed reports documenting the findings, methodologies, and potential implications of reverse engineering efforts
What we offer
What we offer
  • 100% Company-paid medical insurance for employees
  • 100% Company-paid dental and vision insurance
  • Competitive salary and bonus
  • 25% 401k company contribution
  • Generous PTO, parental leave, bereavement leave, and volunteer time
  • Flexible work hours
  • Tuition reimbursement, training allowance, internal mobility opportunities
  • Free beverages and snacks, Donut Fridays, monthly social events
Read More
Arrow Right

Offensive Cyber Engineer

As an Offensive Cyber Engineer, you’ll dive deep into reverse engineering and vu...
Location
Location
United States , Atlanta
Salary
Salary:
Not provided
crypticvector.com Logo
Cryptic Vector
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or a related field
  • Strong programming skills in C, Assembly, and Python
  • Extensive experience with reverse engineering tools such as Ghidra, IDA Pro, and Wireshark
  • Proficiency with x86 architecture, or other modern architecture, and Hex editors
  • Ability to interface with hardware, including connecting probes to traces, using logic analyzers, and decoding hardware signals
  • Strong problem-solving skills and the ability to think critically and creatively in analyzing software and hardware components
  • Meticulous attention to detail, especially when dealing with complex codebases and hardware systems
  • Priority will be given to candidates with an active Top Secret (TS) clearance
Job Responsibility
Job Responsibility
  • Reverse Engineering (RE) of software/firmware, Vulnerability Research (VR), exploit development/productization
  • Deconstruct and analyze software/firmware to understand its structure, functionality, and behavior
  • Design/develop post-exploitation effects in software/firmware, which can withstand scrutiny and attack
  • Design/develop secure, reliable, software-based communication solutions
  • Design/develop stealth solutions
  • Employ industry-standard tools such as Ghidra, IDA Pro, Wireshark, and Hex editors (e.g., Hex Workshop) to reverse engineer software components
  • Develop scripts and tools in C, Assembly, Rust, and Python to automate and enhance reverse engineering processes
  • Collaborate with hardware teams to understand and interact with physical devices. This includes connecting probes, using logic analyzers, and decoding signals on hardware
  • Write unit tests, functional tests, and end-to-end tests
  • Prepare detailed reports documenting the findings, methodologies, and potential implications of reverse engineering efforts
What we offer
What we offer
  • 100% Company-paid medical insurance for employees
  • 100% Company-paid dental and vision insurance
  • Competitive salary and bonus
  • 25% 401k company contribution
  • Generous PTO, parental leave, bereavement leave, and volunteer time
  • Flexible work hours
  • Tuition reimbursement, training allowance, internal mobility opportunities
  • Free beverages and snacks, Donut Fridays, monthly social events
Read More
Arrow Right

Offensive Cyber Engineer

At Cryptic Vector, we are dedicated to mission success. We take the time to unde...
Location
Location
United States , Miamisburg
Salary
Salary:
Not provided
crypticvector.com Logo
Cryptic Vector
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or a related field
  • Strong programming skills in C, Assembly, and Python
  • Extensive experience with reverse engineering tools such as Ghidra, IDA Pro, and Wireshark
  • Proficiency with x86 architecture, or other modern architecture, and Hex editors
  • Ability to interface with hardware, including connecting probes to traces, using logic analyzers, and decoding hardware signals
  • Strong problem-solving skills and the ability to think critically and creatively in analyzing software and hardware components
  • Meticulous attention to detail, especially when dealing with complex codebases and hardware systems
  • Priority will be given to candidates with an active Top Secret (TS) clearance
Job Responsibility
Job Responsibility
  • Reverse Engineering (RE) of software/firmware, Vulnerability Research (VR), exploit development/productization
  • Deconstruct and analyze software/firmware to understand its structure, functionality, and behavior
  • Design/develop post-exploitation effects in software/firmware, which can withstand scrutiny and attack
  • Design/develop secure, reliable, software-based communication solutions
  • Design/develop stealth solutions
  • Employ industry-standard tools such as Ghidra, IDA Pro, Wireshark, and Hex editors (e.g., Hex Workshop) to reverse engineer software components
  • Develop scripts and tools in C, Assembly, Rust, and Python to automate and enhance reverse engineering processes
  • Collaborate with hardware teams to understand and interact with physical devices. This includes connecting probes, using logic analyzers, and decoding signals on hardware
  • Write unit tests, functional tests, and end-to-end tests
  • Prepare detailed reports documenting the findings, methodologies, and potential implications of reverse engineering efforts
What we offer
What we offer
  • 100% Company-paid medical insurance for employees
  • 100% Company-paid dental and vision insurance
  • Competitive salary and bonus
  • 25% 401k company contribution
  • Generous PTO, parental leave, bereavement leave, and volunteer time
  • Flexible work hours
  • Tuition reimbursement, training allowance, internal mobility opportunities
  • Free beverages and snacks, Donut Fridays, monthly social events
Read More
Arrow Right

Technical Targeting Analyst – SME

This team provides mission critical support by reviewing, analyzing, and respond...
Location
Location
United States , McLean
Salary
Salary:
Not provided
realmone.com Logo
RealmOne
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Sixteen (16) years of relevant experience
  • Bachelor’s degree in a relevant technical field, or 4 additional years of relevant technical experience
  • Experience working in three or more of the following: analysis, network engineer, network security, offensive experience, technical collection, penetration testing, “red teaming” hardware engineering, software reverse engineer, computer exploitation
  • Experience working with collection capabilities and dissemination systems
  • Experience analyzing current and emerging intelligence issues and writing intelligence reports
  • Demonstrated experience with technical targeting tools and databases
  • Demonstrated organizational skills and willingness to adapt to dynamic and unexpected customer requirements
  • Position requires active Security Clearance with appropriate Polygraph
Job Responsibility
Job Responsibility
  • Reviewing, analyzing, and responding to requests for a variety of analytic products covering a wide spectrum of topics relevant at the national and global level
  • Leveraging critical thinking and an entrepreneurial mindset in technical data exploitation, processing, and visualization
  • Independently leveraging collection to drive follow-on efforts in a highly collaborative manner
What we offer
What we offer
  • Healthcare Coverage + Insurance
  • Medical: Three (3) rich healthcare options through CareFirst with 100% or majority company-paid premiums
  • Tax-advantaged health savings account available with generous employer contribution
  • Dental + Vision: 100% employer-paid for employees and family, with a buy-up option available
  • Retirement + Savings: 401K – 10% TOTAL CONTRIBUTION – 5% safe harbor – 5% annual profit share (both immediately vested!)
  • Paid Time Off + More: 4 weeks starting PTO
  • 11 federal holidays + 2 floating holidays
  • Paid hours for company-required training
  • Career Growth + Development: Access to FREE 24/7 learning via Udemy
  • Opportunities to participate in tech councils, industry initiatives, etc.
  • Fulltime
Read More
Arrow Right

Systems Engineer Technical Specialist (O&M)

The Systems Engineer will support the Sponsor’s organization as a critical membe...
Location
Location
United States , Chantilly
Salary
Salary:
Not provided
arcfield.com Logo
Arcfield
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must possess and be able to maintain a TS/SCI clearance with Polygraph
  • BS 10-12, MS 8-10, PhD 5-7 or equivalent experience Business, Computer Science, Information Systems, Engineering, or a scientific or technical discipline
  • Ability to develop well documented, actionable, measurable, testable, traceable requirements supporting Sponsor development activities
  • Demonstrated successful experience in applying critical thinking in analyzing Sponsor project and programs to identify technical risks that may impact successful delivery of the Sponsor developed capability
  • Demonstrated successful experience in development of Concept of Operations diagrams utilizing industry best practices through coordination with project stakeholders
  • Demonstrated successful experience forecasting technologies and products that are related to and would advance the Sponsors mission area
  • Demonstrated successful experience in providing independent assessment of projects relating to technical risk and providing suggestions for potential improvement on technical functionality
  • Demonstrated successful experience developing comprehensive project plans that transition cyber research concepts into mission ready capabilities
  • Demonstrated successful experience working with Test Teams to create ad hoc test cases to fully characterize developed offensive cyber capabilities
  • Demonstrated successful experience working with IC or DoD targeting officers to identify new opportunities to enable technical operations to include access, exfil, collection and covert action
Job Responsibility
Job Responsibility
  • The SE will review system architecture, design documentation, and security processes
  • Review network design documentation
  • Consult and provide solutions to address network technical issues on mission networks
  • Support O&M and installation of operational systems, patching, hardware updates, install machines, debug networking issues, etc.
  • Develop and administer requirements for cyber tools
  • Perform system assessment to support validation of information systems
  • Align the organization’s IT infrastructure, system, and technology strategies with business goals & objectives
  • Work with inter-agency partners to develop technical strategic plans and coordination of cyber strategies
  • Support operations governance
  • Stay abreast of emerging technologies across technical domains
  • Fulltime
Read More
Arrow Right

Principal Consultant, Red Team

The Principal Consultant on the Offensive Security team is focused on assessing ...
Location
Location
United Arab Emirates , Dubai
Salary
Salary:
Not provided
paloaltonetworks.com Logo
Palo Alto Networks
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of professional experience leading Red & Purple team engagements, Advanced Attack Simulations, OSINT research, social engineering techniques, bespoke security assessments and exploit development
  • Experience testing a range of technologies (Active Directory, major OSs, cloud environments, IoT / OT) and using a range of security tools and technologies inc AI-enabled to automate and tailor engagements
  • Demonstrate a deep understanding of how malicious software works (i.e.-malware, trojans, rootkits, etc.)
  • Ability to modify known and/or craft custom exploits manually without dependence on consumer tools such as Metasploit
  • Strong knowledge of tools and techniques used to conduct network, wireless, and web application penetration testing
  • Familiarity with web application penetration testing and code auditing to find security gaps and vulnerabilities
  • Experience with penetration testing, administering, and troubleshooting major flavors of Linux, Windows, and major cloud IaaS, PaaS, and SaaS providers (i.e., AWS, GCP, and Azure)
  • Experience with scripting and editing existing code and programming using one or more of the following - Perl, Python, ruby, bash, C/C++, C#, or Java
  • Experience with security assessment tools, including Nessus, OpenVAS, MobSF Metasploit, Burp Suite Pro, Cobalt Strike, Bloodhound, and Empire
  • Knowledge of application, database, and web server design and implementation
Job Responsibility
Job Responsibility
  • Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools - Red Team experience essential
  • Ability to assist in scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
  • Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients
  • Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
  • Conducts periodic scans of networks to find and detect vulnerabilities
  • Conducts IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing)
  • Conduct threat hunting and/or compromise assessment engagements to identify active or dormant indicators of compromise (IoCs) using Crypsis and Palo Alto Networks’ threat hunting tools (and/or client owned hunting instrumentation where applicable)
  • Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
  • Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
  • Fulltime
Read More
Arrow Right