CrawlJobs Logo

Senior Security Engineer - Offensive Security

plaid.com Logo

Plaid

Location Icon

Location:
United States , San Francisco

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

207600.00 - 310800.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

We enable Plaid to quickly build safe and secure products while ensuring that Plaid's users, data, and infrastructure remains protected. As the founding member of Plaid’s red team, you will establish and define our offensive security program. You’ll determine which types of operations we should run in both the short and long term, and then carry them out, shifting between strategic planning and hands-on technical work throughout the year. You’ll partner with stakeholders to understand the issues you uncover, both high level and granular, and to incorporate the red team’s work into day-to-day operations and long-term planning. You’ll communicate findings to stakeholders at all levels, including the C-team. Over the next few years, you’ll help grow the team by interviewing candidates for new roles and potentially stepping into a management or TL position.

Job Responsibility:

  • Establish a charter and framework for Plaid’s offensive security program
  • Conduct red team operations against corp and prod infrastructure to identify previously unknown problems and assess the state of Plaid’s security
  • Communicate findings to stakeholders and follow up to ensure appropriate resolution
  • Serve as the primary owner for red teaming at Plaid

Requirements:

  • 5+ years of experience in offensive security roles
  • Experience leading individual offensive security/red team operations
  • Comfortable operating independently and defining your own direction
  • Comfortable communicating with a wide range of technical and non-technical stakeholders

Nice to have:

  • Experience leading an offensive security/red team program
  • Experience developing a new offensive security/red team program
  • OSCP and/or OSCE certification

Additional Information:

Job Posted:
January 07, 2026

Employment Type:
Fulltime
Icon
Plaid - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Senior Security Engineer - Offensive Security

Senior Security Researcher

Endor Labs is building the Application Security platform for the software develo...
Location
Location
United States
Salary
Salary:
Not provided
https://www.endorlabs.com Logo
Endor Labs
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in security research, vulnerability discovery, and offensive security
  • deep expertise in reverse engineering, exploit development, and software vulnerability analysis
  • strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis
  • experience discovering and responsibly disclosing zero-day vulnerabilities
  • proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides)
  • proficiency in programming languages such as Python, Rust, or Go
  • strong analytical skills and the ability to conduct complex security research autonomously
  • excellent communication skills, both written and verbal, to convey technical concepts to diverse audiences.
Job Responsibility
Job Responsibility
  • Conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities
  • develop and refine exploit techniques to understand modern attack vectors targeting software supply chain through malicious code, 3rd party libraries, and CI/CD systems
  • work closely with Product Management to translate research findings into innovative security capabilities within Endor Labs' products
  • publish research findings through technical blogs, white papers, and industry-leading security conferences
  • collaborate with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats
  • contribute to the security community by developing open-source tools, methodologies, or frameworks that enhance software supply chain security
  • stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our research efforts.
What we offer
What we offer
  • Work with a world-class team dedicated to pushing the boundaries of security research
  • directly influence the security of modern software supply chains
  • a culture that values innovation, collaboration, and continuous learning
  • competitive compensation, flexible work environment, and a generous benefits package
  • opportunity to present groundbreaking research and contribute to the global security community.
  • Fulltime
Read More
Arrow Right

Cloud Security Senior Analyst

The Cloud Security Operations team works in a multi-disciplinary team of teams d...
Location
Location
Hungary , Budapest
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in a similar, offensive security related role
  • Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, penetration testing, etc.)
  • Hands-on experience with cloud platforms (GCP, AWS)
  • Excellent understanding of cloud security concepts/best practices in various cloud Service Providers (for example: Azure/M365)
  • Familiarity with the current threat landscape which GCP exists in
  • Familiarity with securing containers and container orchestration frameworks (such as Kubernetes)
  • Programming/scripting languages a plus (Python and PowerShell preferred, but not required)
  • Ability to deliver presentations to technical and non-technical individuals
  • Fluency in English
  • Bachelor's Degree or equivalent working experience
Job Responsibility
Job Responsibility
  • Full end to end security assurance activities in GCP including Vulnerability Assessments (preproduction, post-production), Purple Team exercises (Red and Blue team collaboration) to identify areas of risk and ensure any gaps are documented and remediated
  • Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the cloud environment
  • Partner with Engineering and Operations teams to create, implement, and apply DevSecOps practices and processes that are consumed by developers across all sectors in Citi
What we offer
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime
Read More
Arrow Right

Application Security Engineer II

In this role, you will support Rackspace's application security program by imple...
Location
Location
India
Salary
Salary:
Not provided
rackspace.com Logo
Rackspace
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2-4 years in the information security field
  • Experience working with application security, security testing, or DevSecOps practices
  • Working knowledge of the SDLC, security concepts, and vulnerability assessment methodologies
  • Hands-on experience with or understanding of programming and scripting languages including one or more of the following: Python, Java, Node.js, Go, Ruby, PHP
  • databases such as SQL
  • and related tools such as Github, Gitlab, Jenkins, and CircleCI
  • Understanding of common vulnerabilities, remediation approaches, and industry-standard classification schemes (CVE, CWE, CVSS, OWASP Top 10)
  • Familiarity with relevant compliance regulations, such as PCI-DSS, ISO 27001, SOC 2, or HIPAA
  • Passion for security and eagerness to learn about new technologies and emerging security vulnerabilities
  • Strong communication skills with the ability to work collaboratively across teams
Job Responsibility
Job Responsibility
  • Execute application security testing using both automated tools and manual testing techniques on web applications, APIs, containers, and other software components
  • Configure, maintain, and operate SAST, DAST, and other application security testing tools
  • Analyze and triage security findings, documenting clear remediation guidance for development teams
  • Support the vulnerability reporting process and track findings through to resolution
  • Assist with triage and validation of external vulnerability disclosures and bug bounty reports
  • Contribute to the development and documentation of application security processes and standards
  • Participate in security code reviews and threat modeling exercises
  • Help track and report metrics for application security program health
  • Collaborate with development and DevOps teams to integrate security into CI/CD pipelines
  • Stay current with application security trends, tools, and best practices
  • Fulltime
Read More
Arrow Right

Senior Detection Engineer

This is a detection engineering role that leverages knowledge of monitoring, ana...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.marriott.com Logo
Marriott Bonvoy
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 3+ years of collective experience in Splunk SIEM (Splunk Enterprise Security) threat detection use case development or UEBA (Exabeam) use case development for insider threat use case development
  • 5+ years of experience in security functions such as SOC, CIRT, security engineering, risk management, vulnerability management or technical infrastructure operations, administration, or systems engineering
  • scripting or programming language, including Python
  • Current information security certification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) preferred
  • offensive and defensive security certifications such as CEH, IGAC Cyber Defense, OSCP or other related certifications preferred
  • Splunk Certification, including Splunk Enterprise Security Certified Admin preferred
  • use case development experience on the Exabeam platform preferred
  • working knowledge of the NIST Cyber Security Framework and ISO/IEC 27001:2022 preferred
  • working knowledge of the MITRE ATT&CK Framework preferred
Job Responsibility
Job Responsibility
  • Lead collaboration sessions within the cyber security tower and other business units to devise security monitoring use cases
  • engage and collaborate with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate
  • document prospective security monitoring use cases with MITRE ATT&ACK mappings using standard templates and methodologies
  • inform and consult other cyber ops teams of required data onboarding and integrations for use case development
  • develop analytics, correlation searches, dashboards, reports and alerts within the SIEM and UEBA platforms
  • solicit feedback for pre-production security monitoring content through peer review process and user acceptance testing for tuning
  • document developed security monitoring content in a documentation registry using department standard templates and methodologies
  • manage field mapping and transmission of security monitoring alerts to the security incident response platform for SOC analyst consumption as outlined in process documentation
  • provide governance support for the content development function entailing content development standards compliance, change management approvals for SIEM or UEBA content, and lifecycle management of developed security monitoring content
  • service operational requests in queue such as analytics content performance tuning, filtering, search refinement, parsing issues
  • Fulltime
Read More
Arrow Right

Senior Penetration Tester

As a Penetration Tester, you'll conduct regular, comprehensive security assessme...
Location
Location
Belgium , Brussels
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5 years' experience in one or more of the following areas: Penetration Tester, Red/Purple Team Member, Security Engineer
  • Knowledge of technologies up to system level (web frameworks, communications protocols, database systems)
  • Offensive security knowledge of cyber-attack techniques, vulnerabilities, and mitigation strategies
  • Knowledge of penetration testing tools, frameworks, and methodology
  • Skills using Kali Linux, Nmap, PowerShell, Metasploit, Cobalt Strike, OWASP ZAP, Burp Suite
  • Proficiency in scripting
  • Awareness of frameworks such as MITRE ATT&CK and NIST and how they can be applied effectively within an enterprise
  • Familiarity with the latest exploits, tactics, techniques, and procedures (TTP), vulnerability remediation and security trends
  • Cyber security qualifications from Offensive Security, SANS, Pentester Academy, CREST, eLearnSecurity or others
Job Responsibility
Job Responsibility
  • Scoping and executing of complex penetrations test across a wide scope of technologies, products, services, and applications and critical infrastructure companies
  • Helping the team to define and improve the internal security testing programme
  • Documenting technical issues both Cyber and IT related during testing assessments
  • Improve our monitoring services by working in purple style exercises and operating in a red team capacity to improve the ability to detect and respond to threats
  • Supporting incident response by providing context and expertise around cyber threats
  • Mentor to our junior & medior colleagues
What we offer
What we offer
  • Extensive career development opportunities, both local and international
  • Part of a dynamic network of 56,000 professionals at all stages of their careers
  • Wide array of offices to explore
  • Fulltime
Read More
Arrow Right
New

Senior Security Engineer - Offensive Security

We enable Plaid to quickly build safe and secure products while ensuring that Pl...
Location
Location
United States , New York
Salary
Salary:
207600.00 - 310800.00 USD / Year
plaid.com Logo
Plaid
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in offensive security roles
  • Experience leading individual offensive security/red team operations
  • Comfortable operating independently and defining your own direction
  • Comfortable communicating with a wide range of technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Establish a charter and framework for Plaid’s offensive security program
  • Conduct red team operations against corp and prod infrastructure to identify previously unknown problems and assess the state of Plaid’s security
  • Communicate findings to stakeholders and follow up to ensure appropriate resolution
  • Serve as the primary owner for red teaming at Plaid
  • Fulltime
Read More
Arrow Right

Senior Cyber Advisor

AnaVation is looking for a talented Senior Cyber Advisor who is passionate about...
Location
Location
United States , Annapolis Junction
Salary
Salary:
Not provided
anavationllc.com Logo
AnaVation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Clearance: U.S. Citizen, SCI within last 2 years
  • Four or more years of experience in a Military Cyber Advisor role
  • Four years of experience with J2 Planning, Analysis, and Operations and/or supporting USCYBERCOM, military, or intelligence community cyber missions/programs
  • Cyber/Intelligence strategic planning
  • Experience analyzing joint intelligence staff needs to determine functional requirements and define problems and develop plans for moderately complex to complex systems related to information systems architecture, networking
  • telecommunications, automation, communications protocols, risk management/electronic analysis, software, lifecycle management, software development methodologies, and modeling and simulation
  • Experience providing technical advisory support to Joint intelligence staff concerning Data Science, Data Analysis, Data Engineering, Big Data, and Data Architecture programs driving innovative solutions
  • Experience providing studies and recommendations on Intelligence support to Cyber Network Offensive Operations, Defensive Operations, and Cyber Security
  • Demonstrates exceptional oral and written communication skills and the ability to work in a fast paced environment
  • Collaborates with programmers, engineers, and organizational leaders to identify opportunities for process improvements, recommend system modifications, and develop policies for data governance
Job Responsibility
Job Responsibility
  • Provides high level guidance and strategic advice in Cyber/Intelligence planning and innovation, ensuring alignment with organizational goals and advancements
  • Review and assess current capabilities, identify gaps, and deliver actionable recommendations to enhance Cyber/Intelligence operations and tradecraft
  • Assess USCYBERCOM J2 needs to determine and articulate functional requirements for complex systems, including information systems architecture, networking, and other related domains and develop plans to address these needs
What we offer
What we offer
  • Generous cost sharing for medical insurance for the employee and dependents
  • 100% company paid dental insurance for employees and dependents
  • 100% company paid long-term and short term disability insurance
  • 100% company paid vision insurance for employees and dependents
  • 401k plan with generous match and 100% immediate vesting
  • Competitive Pay
  • Generous paid leave and holiday package
  • Tuition and training reimbursement
  • Life and AD&D Insurance
  • Fulltime
Read More
Arrow Right

Mid - Senior Cybersecurity Engineer

Join the leading AU fintech company as a Senior Cybersecurity Engineer who will ...
Location
Location
Philippines , Manila
Salary
Salary:
Not provided
moneyme.com.au Logo
MONEYME
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Information Security, Information Technology, or a related discipline
  • Professional certifications such as CEH, OSCP or equivalent are highly regarded
  • Equivalent practical experience may be considered in lieu of formal qualifications
  • 3+ years of experience in cybersecurity engineering experience with strong focus on application security
  • Demonstrated ownership of vulnerability remediation from discovery through validation
  • Practical experience implementing and tuning SAST and DAST programs
  • Strong familiarity with OWASP Top 10 and OWASP API Security Top 10
  • Experience working directly with software engineers and platform teams
  • Experience embedding security into the software development lifecycle
  • Experience operating in regulated or high-risk environments
Job Responsibility
Job Responsibility
  • Own application security across web, mobile, and API systems
  • Identify and prioritize vulnerabilities using SAST, DAST, and threat modelling
  • Assess findings against OWASP Top 10 and OWASP API Security risks
  • Drive remediation with engineering teams and validate fixes
  • Embed security into the software development lifecycle
  • Conduct threat modelling during design and architecture
  • Perform security reviews for new features and changes
  • Integrate SAST, DAST, dependency, and container testing into CI CD pipelines
  • Define risk based security gates and tune rulesets
  • Assess high risk flows involving authentication, sensitive data, APIs, and third party integrations
What we offer
What we offer
  • HMO on Day 1 + 1 free dependent
  • 15 days of vacation leaves and 15 days of sick leave
  • 1 birthday leave
  • Health and wellbeing initiatives like weekly sports activities and MONEYME Olympics
  • Fun filled company activities - summer outings, team building, team lunch or dinner, Halloween event, year-end party and so much more!
  • Complimentary snacks in the office
  • MONEYME Merchandise - hoodie, T-shirt, tumbler, notebook, and id lace
  • Quarterly champion awards & reward trips
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy