CrawlJobs Logo

Offensive Security Engineer, Purple Team

meta.com Logo

Meta

Location Icon

Location:
United States , Bellevue

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

122000.00 - 181000.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

Meta's Offensive Security Group is seeking an experienced Offensive Security Engineer to join our team. As a key member of the team, you will be responsible for executing tactical, offensive assessments across various environments, emulating internal and external threats, and driving remediations to improve the organization's security posture.

Job Responsibility:

  • Conduct offensive security engagements, including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both internal and external facing systems
  • Design, scope, and lead complex technical assessments, Purple Team Engagements, and other security initiatives to test attack detection and prevention effectiveness
  • Automate portions of assessments, scoping, or other offensive security work to inform and drive our engagements
  • Incorporate Threat Intelligence research to track APT trends and help partners test their environments against new and emerging threats
  • Collaborate with cross-functional teams, including Incident Response, Product Security, and other security partners, to align remediation efforts and drive fixes after testing cycles
  • Develop and maintain relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
  • Influence and align the team’s direction and strategy, and collaboratively prioritize and deliver specific multi-year roadmaps and projects

Requirements:

  • Bachelor's degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or equivalent experience
  • 2+ years of experience in Red Teaming, Penetration Testing, and/or cyber threat hunting
  • Experience with coding/scripting skills in one or more general purpose languages

Nice to have:

  • Relevant certifications such as Offensive Security Certified Professional, Offensive Security Exploitation Professional, Certified Red Team Operator, or Certified Red Team Leader
  • Public tools, presentations, or research published on Cybersecurity
What we offer:
  • bonus
  • equity
  • benefits

Additional Information:

Job Posted:
January 23, 2026

Icon
Meta - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Offensive Security Engineer, Purple Team

Staff Offensive Security Engineer

At GEICO, we offer a rewarding career where your ambitions are met with endless ...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle
Salary
Salary:
115000.00 - 230000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell)
  • Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development
  • Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit
  • Relevant professional security certifications (e.g. from GIAC or others)
  • Proven experience in achieving results efficiently through automation and establishing best practices
  • Proven track record to deliver business outcomes for meeting regulatory and compliance obligations
  • Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming)
  • 8+ years in engineering focused role, preferably in the tech industry
  • 5+ years of experience in offensive security (penetrating testing, red team, and purple team)
  • 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities
Job Responsibility
Job Responsibility
  • Lead highly effective large-scale penetration testing initiatives
  • Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming)
  • Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities
  • Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes
  • Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
  • Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops
  • Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS
  • Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Senior Penetration Tester

As a Penetration Tester, you'll conduct regular, comprehensive security assessme...
Location
Location
Belgium , Brussels
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5 years' experience in one or more of the following areas: Penetration Tester, Red/Purple Team Member, Security Engineer
  • Knowledge of technologies up to system level (web frameworks, communications protocols, database systems)
  • Offensive security knowledge of cyber-attack techniques, vulnerabilities, and mitigation strategies
  • Knowledge of penetration testing tools, frameworks, and methodology
  • Skills using Kali Linux, Nmap, PowerShell, Metasploit, Cobalt Strike, OWASP ZAP, Burp Suite
  • Proficiency in scripting
  • Awareness of frameworks such as MITRE ATT&CK and NIST and how they can be applied effectively within an enterprise
  • Familiarity with the latest exploits, tactics, techniques, and procedures (TTP), vulnerability remediation and security trends
  • Cyber security qualifications from Offensive Security, SANS, Pentester Academy, CREST, eLearnSecurity or others
Job Responsibility
Job Responsibility
  • Scoping and executing of complex penetrations test across a wide scope of technologies, products, services, and applications and critical infrastructure companies
  • Helping the team to define and improve the internal security testing programme
  • Documenting technical issues both Cyber and IT related during testing assessments
  • Improve our monitoring services by working in purple style exercises and operating in a red team capacity to improve the ability to detect and respond to threats
  • Supporting incident response by providing context and expertise around cyber threats
  • Mentor to our junior & medior colleagues
What we offer
What we offer
  • Extensive career development opportunities, both local and international
  • Part of a dynamic network of 56,000 professionals at all stages of their careers
  • Wide array of offices to explore
  • Fulltime
Read More
Arrow Right

Offensive Security Specialist

Deel is seeking a highly skilled Offensive Security Specialist with deep experie...
Location
Location
Salary
Salary:
Not provided
deel.com Logo
Deel
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of hands-on experience in Red Teaming, Offensive Security, or Penetration Testing (or exceptional accomplishments that demonstrate equivalent expertise)
  • Deep expertise in offensive security operations within modern and cutting-edge technology environments, with a history of simulating sophisticated threats against complex systems
  • Experience designing, developing, or assessing the security of a wide range of systems, including web and mobile applications, network and cloud infrastructure, microservices, and AI-powered platforms
  • Demonstrated mastery in evaluating complex technology stacks, including containerized and Kubernetes environments, CI/CD pipelines, various operating systems, cutting-edge technologies, and AI-powered platforms and systems
  • Strong understanding of trust boundaries and dynamic risk assessment, with the intuition to identify where security assumptions break down in complex, evolving architectures
  • Coding and scripting skills, with the ability to develop robust custom tools and automation to support offensive operations
  • Ability to communicate complex technical concepts to diverse audiences effectively, including through compelling storytelling and narrative techniques to convey the implications of security issues
  • Proven track record of not only discovering critical vulnerabilities but also driving their remediation, contributing fixes or mitigation strategies in complex codebases
Job Responsibility
Job Responsibility
  • Perform comprehensive penetration testing on our diverse suite of products and services to uncover security flaws before adversaries can exploit them
  • Design and execute adversary emulation engagements aligned with the MITRE ATT&CK framework and real-world tactics, techniques, and procedures (TTPs) to ensure our simulations mirror actual threat actors
  • Continuously hunt for vulnerabilities across our web and mobile applications, as well as within our underlying infrastructure and cloud environments, proactively identifying security vulnerabilities
  • Perform specialized penetration testing on AI-based systems and platforms, evaluating the security of machine learning applications and related technologies for novel vulnerabilities
  • Conduct targeted cyber threat intelligence research to inform offensive operations, ensuring that red team scenarios are based on current and relevant threat actor behaviors and support investigations
  • Design and execute phishing campaigns and other social engineering exercises to test and improve organizational awareness and resilience against human-focused attacks
  • Develop custom exploits, tools, and automation to enhance red team operations, enabling more efficient and stealthy attack simulations and the ability to bypass advanced security controls
  • Conduct purple team operations that simulate realistic attack scenarios to test our organization’s detection and response capabilities
  • Partner with defensive security and engineering teams to translate findings into measurable security improvements - Enhancing detection, response, and mitigation capabilities
  • driving timely remediation through robust fixes and delivering clear, actionable communications that articulate risk, impact, and required change
What we offer
What we offer
  • Stock grant opportunities dependent on your role, employment status and location
  • Additional perks and benefits based on your employment status and country
  • The flexibility of remote work, including optional WeWork access
  • Fulltime
Read More
Arrow Right
New

Security Testing Senior Analyst (Purple Team)

Reporting to the Attack Surface Reduction Senior Manager, the Security Testing S...
Location
Location
Ireland , Cork; Dublin
Salary
Salary:
Not provided
alterdomus.com Logo
Alter Domus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Security, or equivalent experience
  • Minimum of 3+ years in offensive security, penetration testing, vulnerability management, security threat assessment, or related roles
  • Experience in scoping and planning technical security assessments (red team, penetration testing, adversarial simulations, or similar)
  • Strong understanding of offensive security principles, common attack vectors, and the general testing lifecycle
  • Demonstrated experience in remediation tracking, stakeholder coordination, and cross-functional communication
  • Ability to translate complex technical findings into clear business risk and actionable remediation plans
  • Familiarity with frameworks such as MITRE ATT&CK, OWASP Top 10, NIST, CIS, and ISO security standards
  • Strong organizational skills, with proven ability to manage multiple concurrent engagements
  • Excellent communication, presentation, and relationship-building skills
  • Relevant certifications such as Security+, CySA+, GSEC, OSCP, CRTO, or similar are a plus
Job Responsibility
Job Responsibility
  • Lead the scoping and definition of red-team and adversarial simulation engagements, including determining goals, targets, timelines, and rules of engagement
  • Coordinate with business units, IT teams, and leadership to gather requirements, understand operational constraints, and ensure testing activities align with business risk
  • Develop structured engagement plans, including resource planning, attack paths, testing schedules, and expected deliverables
  • Serve as the primary point of contact throughout the engagement lifecycle
  • Track remediation activities, ensuring findings are clearly documented, assigned to responsible teams, monitored to completion, and remediated within defined SLAs
  • Host recurring remediation review sessions with stakeholders to validate progress and support their efforts in resolving identified weaknesses
  • Maintain a detailed engagement tracker for planning, scheduling, resource allocation, remediation status, and operational metrics
  • Support and occasionally lead technical testing activities where required
  • Prepare and deliver reports, dashboards, and executive summaries that clearly communicate risk, findings, remediation status, and testing outcomes
  • Partner with security operations, detection engineering, and infrastructure teams to ensure lessons learned are integrated into continuous improvement efforts
What we offer
What we offer
  • Support for professional accreditations such as ACCA and study leave
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

As a Senior Security Engineer at Bitwarden, you will be responsible for conducti...
Location
Location
United States
Salary
Salary:
140000.00 - 180000.00 USD / Year
bitwarden.com Logo
Bitwarden
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience with Penetration Testing Tools, such as Burp Suite, NMAP, Nessus, Metasploit, Kali Linux, SQLMap, Owasp ZAP, and manual testing tools
  • In-depth knowledge of leading vulnerability management tools and strategies
  • In-depth understanding and usage of application security testing technologies is a plus
  • Understanding of authentication concepts, including OpenIDConnect, SAML, OAuth, and SSO flows
  • Strong working knowledge of vulnerability management tools, data and network security technologies
  • Collaborative and adaptable mindset
  • Openness and authenticity combined with excellent communication skills
  • Excitement and enthusiasm for open source and for better internet security
  • Excellent problem-solving skills
  • Ability to maintain discretion, handle sensitive information, and maintain security best-practices
Job Responsibility
Job Responsibility
  • Research emerging threats across the surface web, dark web, and deep web
  • Build threat models, conduct threat hunts, and plan and execute purple team engagements
  • Coordinate internal red team testing operations that emulate a threat actor
  • Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls
  • Contribute to vulnerability testing and analysis as well as incident response and analysis
  • Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database
  • Participate in code reviews, learning and spreading technical knowledge about security posture
  • Contribute to resolutions for security-related issues
  • Coordinate technical validation and leadership review of purple team reports detailing testing results and potential areas of improvement
  • Conduct internal penetration tests on systems and networks to determine realistic threat vectors
  • Fulltime
Read More
Arrow Right

Senior Threat Emulation Team Member

As a senior member of the Threat Emulation team within Admiral’s Cyber Security ...
Location
Location
Salary
Salary:
Not provided
admiralgroup.co.uk Logo
Admiral Group Plc
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ Years of delivering offensive security exercises
  • Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills
  • Experience of being a technical lead on security testing engagements
  • A strong technical background is required with in-depth experience in several of the following areas: CI/CD Pipelines/DevOps
  • Cloud and Cloud Security (Specifically Azure and GCP)
  • LLM Security Considerations
  • Applications of AI in Offensive Security
  • Scenario/objective based Penetration Testing/Red Teaming
  • Purple Teaming
  • Microsoft AD, Entra and In-Tune
Job Responsibility
Job Responsibility
  • Owning the delivery of Threat Emulation services through the full lifecycle, including taking responsibility for delivery of key projects and workstreams through to completion
  • Proactively analyse business needs, research
  • recommend solutions and drive their adoption
  • Identifying key opportunities to provide current and new security testing services across the business
  • Developing novel and innovative capabilities within the team
  • Performing post exercise or incident reviews and proposing resolutions using their subject matter expertise
  • Act as a point of escalation for the team and wider cyber department
  • Mentor and develop team members and peers
  • Define, develop and improve procedures, and processes for the team and wider operations department
  • Publish reporting and communications to key stakeholders, including briefings, presentations, control group calls/updates
What we offer
What we offer
  • Everyone receives 33 days holiday (including bank holidays) when they join us, increasing the longer you stay with us, up to a maximum of 38 days (including bank holidays). You also have the option to buy or sell up to an additional five days of annual leave
  • Financial & Mortgage Advice
  • 24-Hour Ecare
  • Cycle to Work Scheme
  • Annual Holiday Allowance
  • Flexible Working
  • Simply Health
  • Private Health Cover
  • Critical Illness Cover
  • Eligible for up to £3,600 of free shares each year after one year of service
  • Fulltime
Read More
Arrow Right

Staff Engineer, Offensive Security

The Staff Engineer acts as a Technical Lead. You don't just find bugs; you desig...
Location
Location
Ireland
Salary
Salary:
Not provided
stytch.com Logo
Stytch
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7-10 years in offensive security, penetration testing, a high-volume bug bounty background, AppSec, or vulnerability exploitation
  • track record of finding high/critical vulnerabilities in complex environments using pentesting commercial or custom tools
  • Expert Knowledge and solid understanding of the MITRE ATT&CK matrix and the OWASP Top 10 for web applications and top 10 for LLMs
  • post exploitation (lateral movement, persistence, data exfiltration) and Adversarial ML
  • Proficient in OffSec popular tools like Burp Suite professional, Nmap, Metasploit, Wireshark etc... and AI security tools such as LangChain, TensorFlow for adversarial testing or, as well as use of C2 frameworks (Cobalt Strike, Sliver, Havoc) or similar tools
  • Ability to write functional scripts in Python or Bash to automate repetitive testing tasks
  • proficiency in coding and scripting like Python, C++, and scripting for creating custom offensive exploits that avoids signature-based detection
  • Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar training in OffSec tracks is highly desirable
Job Responsibility
Job Responsibility
  • Full-Stack Penetration Testing: Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android)
  • Internal/External Network Audits: Conduct network and cloud level assessments with various tooling
  • Vulnerability Validation: Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives
  • AI/LLM Probing: Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using established checklists (OWASP Top 10 for LLMs)
  • Technical Reporting: Draft high-quality reports that detail the 'path to compromise' with clear, reproducible steps for developers
  • Tool Maintenance: Manage and update the team's testing infrastructure (e.g., Burp Suite, and basic C2 listeners)
  • Remediation Support: Provide direct technical guidance to engineering teams on how to patch vulnerabilities like XSS, SQLi, and IDOR
  • Adversary Emulation: Design and lead multi-week Red Team operations that mimic specific threat actors (APTs) to test the SIRT detection capabilities
  • Custom Exploit Development: Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth
  • AI Red Teaming Architecture: Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for models related to sensitive data leakage
What we offer
What we offer
  • competitive pay
  • generous time off
  • ample parental and wellness leave
  • healthcare
  • a retirement savings program
Read More
Arrow Right

Offensive Security Engineer

We're seeking an exceptional Principal-level Offensive Security Engineer to chal...
Location
Location
United States , San Francisco; Seattle; New York City; Washington
Salary
Salary:
277600.00 - 490000.00 USD / Year
openai.com Logo
OpenAI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise
  • Deep expertise conducting offensive security operations within modern technology companies
  • Experience designing, developing, or testing assessing the security of AI-powered systems
  • Experience working finding, exploiting and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities
  • Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred)
  • Demonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters, Container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, Data science tooling and environments, Python-based web services, React-based frontend applications
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations
  • Ability to communicate complex technical concepts effectively through compelling storytelling
Job Responsibility
Job Responsibility
  • Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products
  • Conduct open-scope red and purple team operations, simulating realistic attack scenarios
  • Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities
  • Perform comprehensive penetration testing on our diverse suite of products
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling
What we offer
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime
Read More
Arrow Right