Offensive Security Engineer, Purple Team

United States, Bellevue 122000.00 - 181000.00 USD / Year · Job Posted January 23, 2026

Job Description

Meta's Offensive Security Group is seeking an experienced Offensive Security Engineer to join our team. As a key member of the team, you will be responsible for executing tactical, offensive assessments across various environments, emulating internal and external threats, and driving remediations to improve the organization's security posture.

Job Responsibility

  • Conduct offensive security engagements, including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both internal and external facing systems
  • Design, scope, and lead complex technical assessments, Purple Team Engagements, and other security initiatives to test attack detection and prevention effectiveness
  • Automate portions of assessments, scoping, or other offensive security work to inform and drive our engagements
  • Incorporate Threat Intelligence research to track APT trends and help partners test their environments against new and emerging threats
  • Collaborate with cross-functional teams, including Incident Response, Product Security, and other security partners, to align remediation efforts and drive fixes after testing cycles
  • Develop and maintain relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
  • Influence and align the team’s direction and strategy, and collaboratively prioritize and deliver specific multi-year roadmaps and projects

Requirements

  • Bachelor's degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or equivalent experience
  • 2+ years of experience in Red Teaming, Penetration Testing, and/or cyber threat hunting
  • Experience with coding/scripting skills in one or more general purpose languages

Nice to have

  • Relevant certifications such as Offensive Security Certified Professional, Offensive Security Exploitation Professional, Certified Red Team Operator, or Certified Red Team Leader
  • Public tools, presentations, or research published on Cybersecurity

What we offer

  • bonus
  • equity
  • benefits

Similar Jobs for Offensive Security Engineer, Purple Team

8 matching positions

Lead Information Security Engineer - Purple Team

Wells Fargo is seeking a Lead Information Security Engineer.
Location: India, Bengaluru
Salary: Not provided
Company: Wells Fargo (https://www.wellsfargo.com/)
Expiration Date: June 25, 2026
Requirements
  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
Job Responsibility
  • Lead computer security incident response activities for highly complex events
  • Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
  • Provide security consulting on large projects for internal clients to ensure conformity with corporate information, security policy, and standards
  • Design, document, test, maintain, and provide issue resolution recommendations for highly complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
  • Review and correlate security logs
  • Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
  • Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
  • Collaborate and influence all levels of professionals including managers
  • Lead a team to achieve objectives
  • Lead or participate in offensive security testing in a purple team capacity, with the goal to aid security content development and/or verification by other teams
  • Fulltime

Staff Engineer, Offensive Security

The Staff Engineer acts as a Technical Lead. You don't just find bugs; you desig...
Location: Ireland
Salary: Not provided
Company: Stytch (stytch.com)
Expiration Date: Until further notice
Requirements
  • 7-10 years in offensive security, penetration testing, a high-volume bug bounty background, AppSec, or vulnerability exploitation
  • track record of finding high/critical vulnerabilities in complex environments using pentesting commercial or custom tools
  • Expert Knowledge and solid understanding of the MITRE ATT&CK matrix and the OWASP Top 10 for web applications and top 10 for LLMs
  • post exploitation (lateral movement, persistence, data exfiltration) and Adversarial ML
  • Proficient in popular OffSec tools like Burp Suite Professional, Nmap, Metasploit, Wireshark, etc., and AI security tools such as LangChain and TensorFlow for adversarial testing, as well as use of C2 frameworks (Cobalt Strike, Sliver, Havoc) or similar tools
  • Ability to write functional scripts in Python or Bash to automate repetitive testing tasks
  • Proficiency in coding and scripting, such as Python and C++, for creating custom offensive exploits that avoid signature-based detection
  • Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar training in OffSec tracks is highly desirable
Job Responsibility
  • Full-Stack Penetration Testing: Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android)
  • Internal/External Network Audits: Conduct network and cloud level assessments with various tooling
  • Vulnerability Validation: Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives
  • AI/LLM Probing: Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using established checklists (OWASP Top 10 for LLMs)
  • Technical Reporting: Draft high-quality reports that detail the 'path to compromise' with clear, reproducible steps for developers
  • Tool Maintenance: Manage and update the team's testing infrastructure (e.g., Burp Suite, and basic C2 listeners)
  • Remediation Support: Provide direct technical guidance to engineering teams on how to patch vulnerabilities like XSS, SQLi, and IDOR
  • Adversary Emulation: Design and lead multi-week Red Team operations that mimic specific threat actors (APTs) to test the SIRT detection capabilities
  • Custom Exploit Development: Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth
  • AI Red Teaming Architecture: Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for models related to sensitive data leakage
What we offer
  • competitive pay
  • generous time off
  • ample parental and wellness leave
  • healthcare
  • a retirement savings program

Staff Offensive Security Engineer

At GEICO, we offer a rewarding career where your ambitions are met with endless ...
Location: United States, Chevy Chase; Palo Alto; Seattle
Salary: 115000.00 - 230000.00 USD / Year
Company: Geico (geico.com)
Expiration Date: Until further notice
Requirements
  • Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell)
  • Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development
  • Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit
  • Relevant professional security certifications (e.g. from GIAC or others)
  • Proven experience in achieving results efficiently through automation and establishing best practices
  • Proven track record to deliver business outcomes for meeting regulatory and compliance obligations
  • Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming)
  • 8+ years in engineering focused role, preferably in the tech industry
  • 5+ years of experience in offensive security (penetration testing, red team, and purple team)
  • 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities
Job Responsibility
  • Lead highly effective large-scale penetration testing initiatives
  • Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming)
  • Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities
  • Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes
  • Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
  • Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops
  • Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS
  • Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility: we provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime

Offensive Security Engineer

We're seeking an exceptional Principal-level Offensive Security Engineer to chal...
Location: United States, San Francisco; Seattle; New York City; Washington
Salary: 277600.00 - 490000.00 USD / Year
Company: OpenAI (openai.com)
Expiration Date: Until further notice
Requirements
  • 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise
  • Deep expertise conducting offensive security operations within modern technology companies
  • Experience designing, developing, testing, or assessing the security of AI-powered systems
  • Experience finding, exploiting, and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities
  • Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred)
  • Demonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters, Container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, Data science tooling and environments, Python-based web services, React-based frontend applications
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations
  • Ability to communicate complex technical concepts effectively through compelling storytelling
Job Responsibility
  • Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products
  • Conduct open-scope red and purple team operations, simulating realistic attack scenarios
  • Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities
  • Perform comprehensive penetration testing on our diverse suite of products
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime

Security Testing Senior Analyst (Purple Team)

Reporting to the Attack Surface Reduction Senior Manager, the Security Testing S...
Location: Ireland, Cork; Dublin
Salary: Not provided
Company: Alter Domus (alterdomus.com)
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Computer Science, Information Security, or equivalent experience
  • Minimum of 3+ years in offensive security, penetration testing, vulnerability management, security threat assessment, or related roles
  • Experience in scoping and planning technical security assessments (red team, penetration testing, adversarial simulations, or similar)
  • Strong understanding of offensive security principles, common attack vectors, and the general testing lifecycle
  • Demonstrated experience in remediation tracking, stakeholder coordination, and cross-functional communication
  • Ability to translate complex technical findings into clear business risk and actionable remediation plans
  • Familiarity with frameworks such as MITRE ATT&CK, OWASP Top 10, NIST, CIS, and ISO security standards
  • Strong organizational skills, with proven ability to manage multiple concurrent engagements
  • Excellent communication, presentation, and relationship-building skills
  • Relevant certifications such as Security+, CySA+, GSEC, OSCP, CRTO, or similar are a plus
Job Responsibility
  • Lead the scoping and definition of red-team and adversarial simulation engagements, including determining goals, targets, timelines, and rules of engagement
  • Coordinate with business units, IT teams, and leadership to gather requirements, understand operational constraints, and ensure testing activities align with business risk
  • Develop structured engagement plans, including resource planning, attack paths, testing schedules, and expected deliverables
  • Serve as the primary point of contact throughout the engagement lifecycle
  • Track remediation activities, ensuring findings are clearly documented, assigned to responsible teams, monitored to completion, and remediated within defined SLAs
  • Host recurring remediation review sessions with stakeholders to validate progress and support their efforts in resolving identified weaknesses
  • Maintain a detailed engagement tracker for planning, scheduling, resource allocation, remediation status, and operational metrics
  • Support and occasionally lead technical testing activities where required
  • Prepare and deliver reports, dashboards, and executive summaries that clearly communicate risk, findings, remediation status, and testing outcomes
  • Partner with security operations, detection engineering, and infrastructure teams to ensure lessons learned are integrated into continuous improvement efforts
What we offer
  • Support for professional accreditations such as ACCA and study leave
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Fulltime

Cyber Security Engineer

A global leader in the transportation and logistics industry is seeking a senior...
Location: Australia, Melbourne
Salary: Not provided
Company: Randstad (https://www.randstad.com)
Expiration Date: June 29, 2026
Requirements
  • Minimum 5 years of professional experience across SOC, Incident Response, Forensics, Detection Engineering, and SOAR
  • Hands-on experience with major SIEM/SOAR platforms, including Splunk ES, Splunk SOAR, Microsoft Sentinel, Crowdstrike Nextgen SIEM, or Palo Alto Cortex XSOAR
  • Expertise in threat detection use case development and a strong understanding of MITRE ATT&CK and attacker TTPs
  • Proficiency in scripting and automation (PowerShell, Python)
  • Experience or exposure to IT/OT infrastructure, applications, cloud, mobile, and IoT environments
  • Security qualifications
  • Bachelor Degree
Job Responsibility
  • Lead the end-to-end management of detection use cases—from concept to tuning—using major SIEM platforms
  • Develop, deploy, and maintain SOAR playbooks and automation use cases
  • Work with Offensive Security and technology teams to enhance capabilities, support purple teaming, and drive operational efficiency through automation and AI integration
  • Fulltime

Senior Security Engineer

As a Senior Security Engineer at Bitwarden, you will be responsible for conducti...
Location: United States
Salary: 140000.00 - 180000.00 USD / Year
Company: Bitwarden (bitwarden.com)
Expiration Date: Until further notice
Requirements
  • Experience with penetration testing tools, such as Burp Suite, Nmap, Nessus, Metasploit, Kali Linux, SQLMap, OWASP ZAP, and manual testing tools
  • In-depth knowledge of leading vulnerability management tools and strategies
  • In-depth understanding and usage of application security testing technologies is a plus
  • Understanding of authentication concepts, including OpenIDConnect, SAML, OAuth, and SSO flows
  • Strong working knowledge of vulnerability management tools, data and network security technologies
  • Collaborative and adaptable mindset
  • Openness and authenticity combined with excellent communication skills
  • Excitement and enthusiasm for open source and for better internet security
  • Excellent problem-solving skills
  • Ability to maintain discretion, handle sensitive information, and maintain security best-practices
Job Responsibility
  • Research emerging threats across the surface web, dark web, and deep web
  • Build threat models, conduct threat hunts, and plan and execute purple team engagements
  • Coordinate internal red team testing operations that emulate a threat actor
  • Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls
  • Contribute to vulnerability testing and analysis as well as incident response and analysis
  • Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database
  • Participate in code reviews, learning and spreading technical knowledge about security posture
  • Contribute to resolutions for security-related issues
  • Coordinate technical validation and leadership review of purple team reports detailing testing results and potential areas of improvement
  • Conduct internal penetration tests on systems and networks to determine realistic threat vectors
  • Fulltime

Offensive Security Specialist

Deel is seeking a highly skilled Offensive Security Specialist with deep experie...
Salary: Not provided
Company: Deel (deel.com)
Expiration Date: Until further notice
Requirements
  • 5+ years of hands-on experience in Red Teaming, Offensive Security, or Penetration Testing (or exceptional accomplishments that demonstrate equivalent expertise)
  • Deep expertise in offensive security operations within modern and cutting-edge technology environments, with a history of simulating sophisticated threats against complex systems
  • Experience designing, developing, or assessing the security of a wide range of systems, including web and mobile applications, network and cloud infrastructure, microservices, and AI-powered platforms
  • Demonstrated mastery in evaluating complex technology stacks, including containerized and Kubernetes environments, CI/CD pipelines, various operating systems, cutting-edge technologies, and AI-powered platforms and systems
  • Strong understanding of trust boundaries and dynamic risk assessment, with the intuition to identify where security assumptions break down in complex, evolving architectures
  • Coding and scripting skills, with the ability to develop robust custom tools and automation to support offensive operations
  • Ability to communicate complex technical concepts to diverse audiences effectively, including through compelling storytelling and narrative techniques to convey the implications of security issues
  • Proven track record of not only discovering critical vulnerabilities but also driving their remediation, contributing fixes or mitigation strategies in complex codebases
Job Responsibility
  • Perform comprehensive penetration testing on our diverse suite of products and services to uncover security flaws before adversaries can exploit them
  • Design and execute adversary emulation engagements aligned with the MITRE ATT&CK framework and real-world tactics, techniques, and procedures (TTPs) to ensure our simulations mirror actual threat actors
  • Continuously hunt for vulnerabilities across our web and mobile applications, as well as within our underlying infrastructure and cloud environments, proactively identifying security vulnerabilities
  • Perform specialized penetration testing on AI-based systems and platforms, evaluating the security of machine learning applications and related technologies for novel vulnerabilities
  • Conduct targeted cyber threat intelligence research to inform offensive operations, ensuring that red team scenarios are based on current and relevant threat actor behaviors and support investigations
  • Design and execute phishing campaigns and other social engineering exercises to test and improve organizational awareness and resilience against human-focused attacks
  • Develop custom exploits, tools, and automation to enhance red team operations, enabling more efficient and stealthy attack simulations and the ability to bypass advanced security controls
  • Conduct purple team operations that simulate realistic attack scenarios to test our organization’s detection and response capabilities
  • Partner with defensive security and engineering teams to translate findings into measurable security improvements: enhancing detection, response, and mitigation capabilities, driving timely remediation through robust fixes, and delivering clear, actionable communications that articulate risk, impact, and required change
What we offer
  • Stock grant opportunities dependent on your role, employment status and location
  • Additional perks and benefits based on your employment status and country
  • The flexibility of remote work, including optional WeWork access
  • Fulltime