CrawlJobs Logo

Offensive Security Engineer

United States, San Francisco 277600.00 - 490000.00 USD / Year · Job Posted February 21, 2026
Apply Position
Job Link Share

Job Description

We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization. You'll have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy. This role will be primarily focused on continuously testing our agent powered products like codex and operator. These systems are uniquely valuable targets because they’re rapidly evolving, have access to perform sensitive actions on behalf of users, and have large, diverse attack surfaces. You will play a crucial role in securing our agents by hunting for realistic vulnerabilities that emerge from the interactions between the applications, infrastructure, and models that power them.

Job Responsibility

  • Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products
  • Conduct open-scope red and purple team operations, simulating realistic attack scenarios
  • Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities
  • Perform comprehensive penetration testing on our diverse suite of products
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling

Requirements

  • 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise
  • Deep expertise conducting offensive security operations within modern technology companies
  • Experience designing, developing, or testing assessing the security of AI-powered systems
  • Experience working finding, exploiting and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities
  • Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred)
  • Demonstrated mastery assessing complex technology stacks, including: Highly customized Kubernetes clusters, Container environments, CI/CD pipelines, GitHub security, macOS and Linux operating systems, Data science tooling and environments, Python-based web services, React-based frontend applications
  • Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts
  • Excellent coding skills, capable of writing robust tools and automation for offensive operations
  • Ability to communicate complex technical concepts effectively through compelling storytelling
  • Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases

Nice to have

  • Background or expertise in AI or data science
  • Prior experience working in tech startups or fast-paced technology environments
  • Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure

What we offer

  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Relocation support for eligible employees
  • Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided
  • Offers Equity
  • performance-related bonus(es) for eligible employees

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Offensive Security Engineer

8 matching positions

Offensive Security Engineer

Meta Platforms, Inc. (Meta), formerly known as Facebook Inc., builds technologie...
Location
Location
United States , Bellevue
Salary
Salary:
176890.00 - 209000.00 USD / Year
meta.com Logo
Meta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Requires a Bachelor’s degree (or foreign degree equivalent) in Computer Science, Cybersecurity, or related field
  • Requires completion of university-level coursework, research project or internship involving the following: High level scripting and coding
  • Research, develop, and execute adversary tactics, techniques, and procedures (TTPs) across the range of the attack lifecycle
  • Understanding of the attack lifecycle, and offensive security concepts in Red Team operations
  • Experience with exploiting common security vulnerabilities and bypassing security controls
  • Experience in at least one of the following security areas - Network security, Web, desktop and/or mobile application security, source code review, fuzzing and/or analysis, reverse engineering, exploit development and/or vulnerability research
Job Responsibility
Job Responsibility
  • Conduct offensive security engagements, including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both internal and external facing systems
  • Research, develop, and execute adversary tactics, techniques, and procedures (TTPs) across the range of the attack lifecycle
  • Collaborate with cross-functional teams, including Incident Response, Product Security, and other security partners, to align remediation efforts and drive fixes after testing cycles
  • Automate portions of assessments, scoping, or other offensive security work to inform and drive our engagements
What we offer
What we offer
  • bonus
  • equity
  • benefits
  • Fulltime
Read More
Arrow Right

Staff Engineer, Offensive Security

The Staff Engineer acts as a Technical Lead. You don't just find bugs; you desig...
Location
Location
Ireland
Salary
Salary:
Not provided
stytch.com Logo
Stytch
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7-10 years in offensive security, penetration testing, a high-volume bug bounty background, AppSec, or vulnerability exploitation
  • track record of finding high/critical vulnerabilities in complex environments using pentesting commercial or custom tools
  • Expert Knowledge and solid understanding of the MITRE ATT&CK matrix and the OWASP Top 10 for web applications and top 10 for LLMs
  • post exploitation (lateral movement, persistence, data exfiltration) and Adversarial ML
  • Proficient in OffSec popular tools like Burp Suite professional, Nmap, Metasploit, Wireshark etc... and AI security tools such as LangChain, TensorFlow for adversarial testing or, as well as use of C2 frameworks (Cobalt Strike, Sliver, Havoc) or similar tools
  • Ability to write functional scripts in Python or Bash to automate repetitive testing tasks
  • proficiency in coding and scripting like Python, C++, and scripting for creating custom offensive exploits that avoids signature-based detection
  • Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar training in OffSec tracks is highly desirable
Job Responsibility
Job Responsibility
  • Full-Stack Penetration Testing: Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android)
  • Internal/External Network Audits: Conduct network and cloud level assessments with various tooling
  • Vulnerability Validation: Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives
  • AI/LLM Probing: Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using established checklists (OWASP Top 10 for LLMs)
  • Technical Reporting: Draft high-quality reports that detail the 'path to compromise' with clear, reproducible steps for developers
  • Tool Maintenance: Manage and update the team's testing infrastructure (e.g., Burp Suite, and basic C2 listeners)
  • Remediation Support: Provide direct technical guidance to engineering teams on how to patch vulnerabilities like XSS, SQLi, and IDOR
  • Adversary Emulation: Design and lead multi-week Red Team operations that mimic specific threat actors (APTs) to test the SIRT detection capabilities
  • Custom Exploit Development: Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth
  • AI Red Teaming Architecture: Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for models related to sensitive data leakage
What we offer
What we offer
  • competitive pay
  • generous time off
  • ample parental and wellness leave
  • healthcare
  • a retirement savings program
Read More
Arrow Right

Staff Offensive Security Engineer

At GEICO, we offer a rewarding career where your ambitions are met with endless ...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle
Salary
Salary:
115000.00 - 230000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell)
  • Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development
  • Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit
  • Relevant professional security certifications (e.g. from GIAC or others)
  • Proven experience in achieving results efficiently through automation and establishing best practices
  • Proven track record to deliver business outcomes for meeting regulatory and compliance obligations
  • Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming)
  • 8+ years in engineering focused role, preferably in the tech industry
  • 5+ years of experience in offensive security (penetrating testing, red team, and purple team)
  • 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities
Job Responsibility
Job Responsibility
  • Lead highly effective large-scale penetration testing initiatives
  • Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming)
  • Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities
  • Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes
  • Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
  • Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops
  • Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS
  • Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Offensive Security Engineer, Hardware

We're seeking an exceptional Principal-level Offensive Security Engineer to chal...
Location
Location
United States , San Francisco
Salary
Salary:
293000.00 - 490000.00 USD / Year
openai.com Logo
OpenAI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of hands-on experience or exceptional accomplishments demonstrating equivalent expertise
  • Exceptional skill in code review, identifying novel and subtle vulnerabilities
  • Demonstrated mastery assessing complex technology stacks
  • Proven ability to reverse engineer bootrom images, firmware, or silicon-level components
  • Deep familiarity with low-level kernel operations, secure boot processes, and hardware-software interactions
  • Hands-on experience building and validating secure boot chains and threat models
  • Proficiency with hardware debugging tools (UART, JTAG, SWD, oscilloscopes, logic analyzers)
  • Solid programming skills in C/C++, Python, or assembly for embedded systems
  • Industry experience securing consumer hardware (e.g., mobile devices, IoT, chipsets)
  • Excellent written and verbal communication skills for technical and non-technical audiences
Job Responsibility
Job Responsibility
  • Collaborate proactively with engineering teams to enhance security and mitigate risks in hardware, firmware, and software
  • Perform comprehensive penetration testing on our diverse suite of products
  • Leverage advanced automation and OpenAI technologies to optimize your offensive security work
  • Present insightful, actionable findings clearly and compellingly to inspire impactful change
  • Influence security strategy by providing attacker-driven insights into risk and threat modeling
What we offer
What we offer
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Daily meals in our offices, and meal delivery credits as eligible
  • Fulltime
Read More
Arrow Right

Staff Offensive Security Engineer

Join us in building the future of finance. Our mission is to democratize finance...
Location
Location
United States , Menlo Park
Salary
Salary:
217000.00 - 255000.00 USD / Year
robinhood.com Logo
Robinhood
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of Red Team experience
  • Experience mentoring other team members
  • Passion and demonstrated experience for challenging security assumptions
  • Excellent written and verbal communication skills and ability to communicate your findings at many different levels of abstraction from Engineers to Executives
  • Passion for fixing security issues and not just identifying security issues
  • Familiarity with common network protocols and standards such as DNS and TCP/IP
  • Experience with MacOS and Linux
  • Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS, GCP), etc and be able to give hardening suggestions
  • Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, AV, EDR, etc.) and how to evade them
  • Deep understanding of Mitre’s ATT&CK Framework
Job Responsibility
Job Responsibility
  • Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities
  • Mentor and provide guidance to the members of the Offensive Security team
  • Utilize threat modeling to identify threats and shape Red Team priorities and exercises
  • Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code
  • Perform penetration testing, code reviews, and design/architecture reviews
  • Write tooling to assist with and automate Red Team assessments
  • Plan and participate in Adversarial Simulation exercises with various security teams
  • Lead Security Incidents when Pentest or Red Team findings require them
  • Publish blog posts and present talks at security conferences
What we offer
What we offer
  • Market competitive and pay equity-focused compensation structure
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Annual lifestyle wallet for personal wellness, learning and development, and more
  • Lifetime maximum benefit for family forming and fertility benefits
  • Dedicated mental health support for employees and eligible dependents
  • Generous time away including company holidays, paid time off, sick time, parental leave, and more
  • Lively office environment with catered meals, fully stocked kitchens, and geo-specific commuter benefits
  • Bonus opportunities
  • Equity
  • Fulltime
Read More
Arrow Right

Senior Offensive Security Engineer

Join us in building the future of finance. Our mission is to democratize finance...
Location
Location
United States , Menlo Park
Salary
Salary:
187000.00 - 220000.00 USD / Year
robinhood.com Logo
Robinhood
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of professional experience in red teaming or offensive security roles
  • Demonstrated ability to communicate security risks effectively across multiple audiences, from engineers to executives
  • Strong programming skills in at least one language (e.g., Python, Go, JavaScript)
  • Deep familiarity with security concepts across MacOS, Linux, cloud platforms (AWS, GCP), CI/CD, and container orchestration systems (e.g., Kubernetes)
  • Experience with detection evasion, vulnerability research, and exploit development
  • Ability to plan and execute long-term, stealthy red team campaigns in black-box environments
  • Strong understanding of MITRE ATT&CK and other industry frameworks
  • Commitment to fixing—not just finding—security issues
Job Responsibility
Job Responsibility
  • Lead and execute red team and Adversarial Simulation exercises to test detection, response, and organizational readiness
  • Perform advanced threat modeling on new and critical services, articulating risk clearly to technical and non-technical stakeholders
  • Conduct penetration testing across infrastructure, applications, networks, and physical environments
  • Collaborate with Detection & Response and Physical Security teams to design and conduct realistic attacker emulations
  • Build tools and automation to improve red team assessments and reporting capabilities
  • Research the latest tactics, techniques, and procedures (TTPs) to inform red team and simulation scenarios
  • Contribute to the security community through blog posts, public talks, or open-source tools
What we offer
What we offer
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet – a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
  • Fulltime
Read More
Arrow Right

Senior Offensive Security Engineer

Join us in building the future of finance. Our mission is to democratize finance...
Location
Location
Canada , Toronto
Salary
Salary:
165750.00 - 195000.00 CAD / Year
robinhood.com Logo
Robinhood
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of red teaming or offensive security experience, with a proven track record of driving impactful outcomes
  • Strong mentorship experience and a passion for developing others
  • Excellent communication skills—able to articulate complex security risks across technical and executive audiences
  • Hands-on experience with MacOS and Linux systems, and familiarity with DNS, TCP/IP, and related protocols
  • Experience attacking and securing cloud platforms (AWS, GCP), CI pipelines, and container orchestration systems (Docker, Kubernetes)
  • Ability to evade modern defensive tools and understand their detection logic (IDS, IPS, AV, EDR, etc.)
  • Proficiency in scripting or programming with Python, Go, or JavaScript
  • Deep understanding of the MITRE ATT&CK framework and adversary TTPs
  • Strong collaboration skills and comfort working on distributed teams with clear documentation practices
Job Responsibility
Job Responsibility
  • Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities
  • Mentor and provide guidance to the members of the Offensive Security team
  • Utilize threat modeling to identify threats and shape Red Team priorities and exercises
  • Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code
  • Perform penetration testing, code reviews, and design/architecture reviews
  • Write tooling to assist with and automate Red Team assessments
  • Plan and participate in Adversarial Simulation exercises with various security teams
  • Lead Security Incidents when Pentest or Red Team findings require them
  • Publish blog posts and present talks at security conferences
What we offer
What we offer
  • bonus opportunities
  • equity
  • benefits
  • Fulltime
Read More
Arrow Right

Offensive Security Engineer I

As an Offensive Security Engineer, you help protect Mollie’s platform and the bu...
Location
Location
Italy , Milan
Salary
Salary:
Not provided
mollie.com Logo
Mollie
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years of hands-on offensive security experience (penetration testing, ethical hacking, product security engineering)
  • Certifications such as OSCP, OSCE, or similar are highly preferred
  • Practical experience testing modern web applications and APIs (auth, authorization, business logic, data handling)
  • Familiarity with common testing tools and techniques (e.g., Burp Suite and similar tooling)
  • Basic scripting/automation skills (Python, Bash, or similar) to speed up repeatable work
  • Understanding of cloud environments and common attack vectors (GCP concepts are all welcome)
  • Ability to write clear, actionable findings and communicate risk to both technical and non-technical stakeholders
  • A collaborative mindset: you enjoy partnering with teams to get issues fixed and verified
Job Responsibility
Job Responsibility
  • Plan and execute security assessments across web applications, APIs, cloud services, and internal systems—focused on realistic attack paths and business impact
  • Confirm exploitability, reduce false positives, and help teams understand severity and remediation options
  • Partner with SecOps and Security Engineering to run collaborative exercises (e.g., detection validation, incident simulations, phishing/crisis scenarios) that strengthen real-world readiness
  • Improve playbooks, testing approaches, and automation to scale offensive security across teams and technologies
  • Partner closely with engineering teams to answer questions, support fixes, retest, and uplift secure development practices—while also contributing to security awareness initiatives across the organization
What we offer
What we offer
  • Noise cancelling headphones
  • MacBook
  • Birthday off
  • Complimentary baby days
  • 20 days working from abroad
  • 22 holiday days
  • Internet allowance
  • Lunch voucher
  • Wellbeing program
  • Health insurance
  • Fulltime
Read More
Arrow Right