CrawlJobs Logo

Senior Offensive Security Engineer

Canada, Toronto 165750.00 - 195000.00 CAD / Year · Job Posted February 18, 2026
Apply Position
Job Link Share

Job Description

Join us in building the future of finance. Our mission is to democratize finance for all. Robinhood is looking for an Offensive Security Engineer to join the Red Team—a core function within the Offensive Security team and the broader Safety & Productivity Engineering organization. Our team leverages Red Teaming and Adversarial Simulation to evaluate security controls, surface real-world risks, and continuously harden Robinhood’s platforms, properties, and people! You’ll play a hands-on role in validating assumptions, executing stealth simulations, and improving Robinhood’s ability to detect and respond to sophisticated adversaries. This role partners deeply with Detection & Response, Physical Security, and Engineering to help shape secure systems through threat modeling, pen testing, and research-driven tactics.

Job Responsibility

  • Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities
  • Mentor and provide guidance to the members of the Offensive Security team
  • Utilize threat modeling to identify threats and shape Red Team priorities and exercises
  • Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code
  • Perform penetration testing, code reviews, and design/architecture reviews
  • Write tooling to assist with and automate Red Team assessments
  • Plan and participate in Adversarial Simulation exercises with various security teams
  • Lead Security Incidents when Pentest or Red Team findings require them
  • Publish blog posts and present talks at security conferences

Requirements

  • 5+ years of red teaming or offensive security experience, with a proven track record of driving impactful outcomes
  • Strong mentorship experience and a passion for developing others
  • Excellent communication skills—able to articulate complex security risks across technical and executive audiences
  • Hands-on experience with MacOS and Linux systems, and familiarity with DNS, TCP/IP, and related protocols
  • Experience attacking and securing cloud platforms (AWS, GCP), CI pipelines, and container orchestration systems (Docker, Kubernetes)
  • Ability to evade modern defensive tools and understand their detection logic (IDS, IPS, AV, EDR, etc.)
  • Proficiency in scripting or programming with Python, Go, or JavaScript
  • Deep understanding of the MITRE ATT&CK framework and adversary TTPs
  • Strong collaboration skills and comfort working on distributed teams with clear documentation practices

Nice to have

  • Experience in the Financial Technology domain
  • Previous leadership or technical lead responsibilities in red team or security engineering functions

What we offer

  • bonus opportunities
  • equity
  • benefits

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Offensive Security Engineer

8 matching positions

Senior Offensive Security Engineer

Join us in building the future of finance. Our mission is to democratize finance...
Location
Location
United States , Menlo Park
Salary
Salary:
187000.00 - 220000.00 USD / Year
robinhood.com Logo
Robinhood
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of professional experience in red teaming or offensive security roles
  • Demonstrated ability to communicate security risks effectively across multiple audiences, from engineers to executives
  • Strong programming skills in at least one language (e.g., Python, Go, JavaScript)
  • Deep familiarity with security concepts across MacOS, Linux, cloud platforms (AWS, GCP), CI/CD, and container orchestration systems (e.g., Kubernetes)
  • Experience with detection evasion, vulnerability research, and exploit development
  • Ability to plan and execute long-term, stealthy red team campaigns in black-box environments
  • Strong understanding of MITRE ATT&CK and other industry frameworks
  • Commitment to fixing—not just finding—security issues
Job Responsibility
Job Responsibility
  • Lead and execute red team and Adversarial Simulation exercises to test detection, response, and organizational readiness
  • Perform advanced threat modeling on new and critical services, articulating risk clearly to technical and non-technical stakeholders
  • Conduct penetration testing across infrastructure, applications, networks, and physical environments
  • Collaborate with Detection & Response and Physical Security teams to design and conduct realistic attacker emulations
  • Build tools and automation to improve red team assessments and reporting capabilities
  • Research the latest tactics, techniques, and procedures (TTPs) to inform red team and simulation scenarios
  • Contribute to the security community through blog posts, public talks, or open-source tools
What we offer
What we offer
  • Performance driven compensation with multipliers for outsized impact, bonus programs, equity ownership, and 401(k) matching
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Lifestyle wallet – a highly flexible benefits spending account for wellness, learning, and more
  • Employer-paid life & disability insurance, fertility benefits, and mental health benefits
  • Time off to recharge including company holidays, paid time off, sick time, parental leave, and more
  • Exceptional office experience with catered meals, events, and comfortable workspaces
  • Fulltime
Read More
Arrow Right

Senior Offensive Security Engineer

As a Senior Offensive Security Engineer, you will be a key member of our corpora...
Location
Location
Poland , Warszawa
Salary
Salary:
Not provided
https://www.bosch.pl/ Logo
Robert Bosch Sp. z o.o.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 4-8 years of professional industry experience
  • At least 5 years dedicated to cybersecurity roles
  • Extensive, hands-on experience and deep technical knowledge in penetration testing
  • Wide-ranging security knowledge base, primarily focused on enterprise IT
  • Excellent written and verbal communication skills in English
  • Proven ability to create high-quality reports and present complex technical findings
  • Strong analytical skills to assess reports, identify patterns, and evaluate effectiveness
  • Passion for continuous learning
  • Relevant industry certifications such as OSCP, GPEN, GWAPT, GXPN, or CISSP are highly desirable
  • Experience in Red Teaming, threat modeling, or vulnerability research
Job Responsibility
Job Responsibility
  • Critically assess multiple penetration test reports from various internal and external teams to ensure the quality, accuracy, and completeness of the findings
  • Evaluate the efficacy of penetration testing teams and vendors to build a panel of trusted, high-quality security partners
  • Conduct independent, hands-on penetration tests to validate the quality of assessments performed by other teams
  • Support the development and implementation of the corporate cybersecurity resilience roadmap by providing an adversarial perspective
  • Serve as a key liaison between the central cybersecurity team and business stakeholders, clearly articulating risks and recommendations to peers and senior management
  • Interface with development and infrastructure teams to strengthen secure development and operational practices throughout the organization
What we offer
What we offer
  • Annual bonus
  • Hybrid work with flexible working hours
  • Referral Bonus Program
  • Copyright costs for IT employees
  • Professional support and possibility to share knowledge and best practices
  • Ongoing development opportunities in a multinational environment
  • Broad access to professional trainings (incl. language courses), conferences and webinars
  • Private medical care and life insurance
  • Cafeteria System with multiple benefits (incl. MultiSport, shopping vouchers, cinema tickets, etc.)
  • Prepaid Lunch Card
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

As a Senior Security Engineer at Bitwarden, you will be responsible for conducti...
Location
Location
United States
Salary
Salary:
140000.00 - 180000.00 USD / Year
bitwarden.com Logo
Bitwarden
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience with Penetration Testing Tools, such as Burp Suite, NMAP, Nessus, Metasploit, Kali Linux, SQLMap, Owasp ZAP, and manual testing tools
  • In-depth knowledge of leading vulnerability management tools and strategies
  • In-depth understanding and usage of application security testing technologies is a plus
  • Understanding of authentication concepts, including OpenIDConnect, SAML, OAuth, and SSO flows
  • Strong working knowledge of vulnerability management tools, data and network security technologies
  • Collaborative and adaptable mindset
  • Openness and authenticity combined with excellent communication skills
  • Excitement and enthusiasm for open source and for better internet security
  • Excellent problem-solving skills
  • Ability to maintain discretion, handle sensitive information, and maintain security best-practices
Job Responsibility
Job Responsibility
  • Research emerging threats across the surface web, dark web, and deep web
  • Build threat models, conduct threat hunts, and plan and execute purple team engagements
  • Coordinate internal red team testing operations that emulate a threat actor
  • Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls
  • Contribute to vulnerability testing and analysis as well as incident response and analysis
  • Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database
  • Participate in code reviews, learning and spreading technical knowledge about security posture
  • Contribute to resolutions for security-related issues
  • Coordinate technical validation and leadership review of purple team reports detailing testing results and potential areas of improvement
  • Conduct internal penetration tests on systems and networks to determine realistic threat vectors
  • Fulltime
Read More
Arrow Right

Staff Offensive Security Engineer

At GEICO, we offer a rewarding career where your ambitions are met with endless ...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle
Salary
Salary:
115000.00 - 230000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell)
  • Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development
  • Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit
  • Relevant professional security certifications (e.g. from GIAC or others)
  • Proven experience in achieving results efficiently through automation and establishing best practices
  • Proven track record to deliver business outcomes for meeting regulatory and compliance obligations
  • Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming)
  • 8+ years in engineering focused role, preferably in the tech industry
  • 5+ years of experience in offensive security (penetrating testing, red team, and purple team)
  • 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities
Job Responsibility
Job Responsibility
  • Lead highly effective large-scale penetration testing initiatives
  • Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming)
  • Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities
  • Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes
  • Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
  • Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops
  • Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS
  • Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Senior Security Engineer - Red Team

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in security or related field
  • equivalent experience
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in security or related field
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Job Responsibility
Job Responsibility
  • Discover and exploit vulnerabilities end-to-end in order to assess the security of services
  • Execute and lead Red Team operations using real world adversarial tactics and techniques to validate a production service's ability to detect, investigate, and respond
  • Advocate for security change across the company through building partnerships and clearly communicating impact of risks
  • Analyze a wide array of data sources to identify potential security weaknesses and breach points within Microsoft’s infrastructure
  • Prototype tools and techniques to scale and accelerate offensive emulation and vulnerability discovery
  • Collaborate with Blue Teams to improve readiness and produce solutions for defenders and customers
  • Analyze simulated adversary tactics and communications, enriching our defensive tactics and threat intelligence
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

The Cloud & AI organization accelerates Microsoft’s mission to ensure that our c...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in security or related field
  • OR equivalent experience
  • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in security or related field
  • 4+ years of experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection
  • 4+ years of experience with coding or scripting in languages such as C#, Python, C++, Go, PowerShell, .NET, Rust, or other comparable programming languages
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
Job Responsibility
  • Discover and exploit vulnerabilities end-to-end in order to assess the security of services
  • Execute and lead Red Team operations using real world adversarial tactics and techniques to validate a production service's ability to detect, investigate, and respond
  • Advocate for security change across the company through building partnerships and clearly communicating impact of risks
  • Analyze a wide array of data sources to identify potential security weaknesses and breach points within Microsoft’s infrastructure
  • Prototype tools and techniques to scale and accelerate offensive emulation and vulnerability discovery
  • Collaborate with Blue Teams to improve readiness and produce solutions for defenders and customers
  • Analyze simulated adversary tactics and communications, enriching our defensive tactics and threat intelligence
  • Embody our Culture and Values
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

We’re looking for a senior-level security expert to lead proactive security desi...
Location
Location
Poland , Poland
Salary
Salary:
Not provided
airswift.com Logo
Airswift Sweden
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years in offensive and defensive security roles, with long-term project experience
  • Proven expertise in penetration testing (especially web applications) and threat modelling
  • Strong programming/scripting skills, particularly in Python
  • Deep knowledge in at least one core security domain (e.g., cryptography, secure architecture, authentication)
  • Excellent communication skills in English.
Job Responsibility
Job Responsibility
  • Lead security architecture reviews and conduct in-depth threat modelling for new products and infrastructure
  • Perform hands-on penetration testing and security assessments to uncover and validate vulnerabilities
  • Research emerging threats and develop mitigation strategies to stay ahead of evolving attack vectors
  • Collaborate with engineering teams to embed security into the development lifecycle (DevSecOps).
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

We're hiring a Senior Application Security Engineer to join a small, high-levera...
Location
Location
United States , Remote
Salary
Salary:
180000.00 - 210000.00 USD / Year
qualia.com Logo
Qualia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in application security, offensive security, or security engineering, with demonstrable depth in at least two of: offensive testing, security tooling/automation, and cloud/infra security
  • Strong offensive skills - you can manually exploit real web and API vulnerabilities beyond what a scanner will find, and you can teach others to do the same
  • Deep familiarity with building and operating security tooling in a modern engineering org: SAST/DAST/SCA pipelines, custom detection rules, secrets scanning, and CI/CD security gates. You've written tooling, not just configured it
  • Production experience with AWS (IAM, VPC, networking, data services), containerized workloads (Docker, Kubernetes/EKS), and infrastructure-as-code (Terraform or similar)
  • Comfort reading, reviewing, and contributing code in at least one language common to modern web stacks (Python, Go, Ruby, TypeScript, or similar)
  • Clear, direct communication style. You can make a sharp technical argument to senior engineers, translate risk into business terms for leadership, and write a bug report an engineer actually wants to fix
  • Strong partnership instincts - you get leverage by making other teams faster, not by blocking them
Job Responsibility
Job Responsibility
  • Run offensive assessments against Qualia's applications and infrastructure: manual penetration testing, exploit development, authenticated web/API testing, and adversarial review of new designs before they ship
  • Lead threat modeling and secure design review for the highest-risk initiatives across the company, and mentor engineers to do the same for their own work
  • Own and evolve our AppSec tooling stack end-to-end - SAST, DAST, SCA, secret scanning, IaC scanning, and the CI/CD gates that tie them together. Build the custom rules, detections, and automation that generic tooling doesn't give us
  • Harden our cloud posture: review AWS configurations, IAM policies, Kubernetes/EKS workloads, and networking boundaries
  • build automation and guardrails that prevent the same class of issue from recurring
  • Reduce toil for the team - write the tools, scripts, and integrations that turn a day of triage into a few minutes
  • Partner with Infrastructure and Platform on detection engineering, incident response support, and cross-cutting programs (secrets management, supply chain, runtime security)
  • Set the technical bar for the AppSec team: raise the quality of reviews, establish patterns others can reuse, and mentor peers across seniority levels
  • Represent AppSec in architectural reviews, vendor evaluations, and compliance efforts
What we offer
What we offer
  • comprehensive health plans
  • 401k program
  • commuter benefits
  • professional development
  • parental leave
  • flexible time off policy
  • robust online onboarding program
  • biweekly all hands meetings
  • a variety of internal virtual events to keep employees connected
  • Fulltime
Read More
Arrow Right