CrawlJobs Logo

Staff Offensive Security Engineer

United States, Menlo Park 217000.00 - 255000.00 USD / Year · Job Posted February 18, 2026
Apply Position
Job Link Share

Job Description

Join us in building the future of finance. Our mission is to democratize finance for all. Robinhood is looking for an Offensive Security Engineer who is passionate about Red Teaming, Adversarial Simulation, and breaking / fixing systems, to join the Red Team. The Red Team is a core pillar of the Offensive Security team and situated within the Safety & Productivity Engineering organization. The Red Team works with teams across Robinhood to ensure our products, services, and processes are secure through threat modeling, penetration testing, adversarial simulations, and red teaming. As an Offensive Security Engineer, you will work across multiple domains, partner with key teams across Robinhood, and help build an even more resilient and secure product for our customers.

Job Responsibility

  • Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities
  • Mentor and provide guidance to the members of the Offensive Security team
  • Utilize threat modeling to identify threats and shape Red Team priorities and exercises
  • Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code
  • Perform penetration testing, code reviews, and design/architecture reviews
  • Write tooling to assist with and automate Red Team assessments
  • Plan and participate in Adversarial Simulation exercises with various security teams
  • Lead Security Incidents when Pentest or Red Team findings require them
  • Publish blog posts and present talks at security conferences

Requirements

  • 8+ years of Red Team experience
  • Experience mentoring other team members
  • Passion and demonstrated experience for challenging security assumptions
  • Excellent written and verbal communication skills and ability to communicate your findings at many different levels of abstraction from Engineers to Executives
  • Passion for fixing security issues and not just identifying security issues
  • Familiarity with common network protocols and standards such as DNS and TCP/IP
  • Experience with MacOS and Linux
  • Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS, GCP), etc and be able to give hardening suggestions
  • Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, AV, EDR, etc.) and how to evade them
  • Deep understanding of Mitre’s ATT&CK Framework
  • Strong understanding of the security fundamentals of access and identity
  • Comfortable reading / writing python, go, and javascript
  • Ability to research and execute a testing plan to access a new technology or process
  • Demonstrated experience working with a distributed team
  • Proficiency to communicate over a text-based medium (Slack, JIRA Issues, GitHub issues, & Email) and can succinctly document technical details

Nice to have

  • Experience in the Financial Technology domain
  • Experience being a technical lead at other organizations

What we offer

  • Market competitive and pay equity-focused compensation structure
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Annual lifestyle wallet for personal wellness, learning and development, and more
  • Lifetime maximum benefit for family forming and fertility benefits
  • Dedicated mental health support for employees and eligible dependents
  • Generous time away including company holidays, paid time off, sick time, parental leave, and more
  • Lively office environment with catered meals, fully stocked kitchens, and geo-specific commuter benefits
  • Bonus opportunities
  • Equity

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Staff Offensive Security Engineer

8 matching positions

Staff Offensive Security Engineer

At GEICO, we offer a rewarding career where your ambitions are met with endless ...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle
Salary
Salary:
115000.00 - 230000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Mastery of vulnerability discovery and exploitation across applications, networks, and cloud using tools (e.g., Burp Suite, Metasploit), and custom scripts (Python, PowerShell)
  • Advanced understanding of OWASP, MITRE ATT&CK framework, software development lifecycle (SDLC), threat modeling, red/purple teaming, and attack path development
  • Hands-on experience with tools like Cobalt Strike, Mythic, BloodHound, and AutoSploit
  • Relevant professional security certifications (e.g. from GIAC or others)
  • Proven experience in achieving results efficiently through automation and establishing best practices
  • Proven track record to deliver business outcomes for meeting regulatory and compliance obligations
  • Ability to force multiply through coaching and mentorship to offensive security engineers across all functions (penetration testing, red teaming, purple teaming)
  • 8+ years in engineering focused role, preferably in the tech industry
  • 5+ years of experience in offensive security (penetrating testing, red team, and purple team)
  • 5+ years of hands-on experience performing penetration-testing, red teaming, and purple teaming activities
Job Responsibility
Job Responsibility
  • Lead highly effective large-scale penetration testing initiatives
  • Participate in simulating real-world cyber-attacks (red teaming), and collaborating with defensive security teams (purple teaming)
  • Conduct tactical security penetration test assessments to validate the security of company applications (web, mobile, APIs, and AI products) against OWASP Top 10 threats and work with the Application Security team to provide feedback and recommendations to increase automated capabilities
  • Ensure penetration testing activities are meeting security, business, and compliance objectives and outcomes
  • Design and execute advanced threat emulation scenarios, including physical, social, and digital attack vectors
  • Collaborate with Blue Teams, Threat Intelligence, and Risk Management to ensure comprehensive attack coverage and feedback loops
  • Ensure operations align with industry regulations and compliance standards such as NIST, PCI DSS, and NYDFS
  • Champion continuous improvement and innovation in penetration testing, adversary simulation techniques, tools, and methodologies
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Staff Offensive Security Engineer

Join us in building the future of finance. Our mission is to democratize finance...
Location
Location
United States , Menlo Park
Salary
Salary:
217000.00 - 255000.00 USD / Year
robinhood.com Logo
Robinhood
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of Red Team experience
  • Experience mentoring other team members
  • Passion and demonstrated experience for challenging security assumptions
  • Excellent written and verbal communication skills and ability to communicate your findings at many different levels of abstraction from Engineers to Executives
  • Passion for fixing security issues and not just identifying security issues
  • Familiarity with common network protocols and standards such as DNS and TCP/IP
  • Experience with MacOS and Linux
  • Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS, GCP), etc and be able to give hardening suggestions
  • Experience/knowledge of defensive tools/techniques (IDS/IPS, Packet Capture, Network Analysis, AV, EDR, etc.) and how to evade them
  • Deep understanding of Mitre’s ATT&CK Framework
Job Responsibility
Job Responsibility
  • Evangelize the Offensive Security Team’s Findings and Projects with stakeholders throughout the company and collaborate with other teams to create solutions that balance security with other priorities
  • Mentor and provide guidance to the members of the Offensive Security team
  • Utilize threat modeling to identify threats and shape Red Team priorities and exercises
  • Plan and execute long term, broadly scoped, black box Red Team exercises utilizing vulnerability research, exploit development, and utilizing public proof of concept code
  • Perform penetration testing, code reviews, and design/architecture reviews
  • Write tooling to assist with and automate Red Team assessments
  • Plan and participate in Adversarial Simulation exercises with various security teams
  • Lead Security Incidents when Pentest or Red Team findings require them
  • Publish blog posts and present talks at security conferences
What we offer
What we offer
  • Market competitive and pay equity-focused compensation structure
  • 100% paid health insurance for employees with 90% coverage for dependents
  • Annual lifestyle wallet for personal wellness, learning and development, and more
  • Lifetime maximum benefit for family forming and fertility benefits
  • Dedicated mental health support for employees and eligible dependents
  • Generous time away including company holidays, paid time off, sick time, parental leave, and more
  • Lively office environment with catered meals, fully stocked kitchens, and geo-specific commuter benefits
  • Fulltime
Read More
Arrow Right

Staff Engineer, Offensive Security

The Staff Engineer acts as a Technical Lead. You don't just find bugs; you desig...
Location
Location
Ireland
Salary
Salary:
Not provided
stytch.com Logo
Stytch
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7-10 years in offensive security, penetration testing, a high-volume bug bounty background, AppSec, or vulnerability exploitation
  • track record of finding high/critical vulnerabilities in complex environments using pentesting commercial or custom tools
  • Expert Knowledge and solid understanding of the MITRE ATT&CK matrix and the OWASP Top 10 for web applications and top 10 for LLMs
  • post exploitation (lateral movement, persistence, data exfiltration) and Adversarial ML
  • Proficient in OffSec popular tools like Burp Suite professional, Nmap, Metasploit, Wireshark etc... and AI security tools such as LangChain, TensorFlow for adversarial testing or, as well as use of C2 frameworks (Cobalt Strike, Sliver, Havoc) or similar tools
  • Ability to write functional scripts in Python or Bash to automate repetitive testing tasks
  • proficiency in coding and scripting like Python, C++, and scripting for creating custom offensive exploits that avoids signature-based detection
  • Possession of advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar training in OffSec tracks is highly desirable
Job Responsibility
Job Responsibility
  • Full-Stack Penetration Testing: Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android)
  • Internal/External Network Audits: Conduct network and cloud level assessments with various tooling
  • Vulnerability Validation: Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives
  • AI/LLM Probing: Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using established checklists (OWASP Top 10 for LLMs)
  • Technical Reporting: Draft high-quality reports that detail the 'path to compromise' with clear, reproducible steps for developers
  • Tool Maintenance: Manage and update the team's testing infrastructure (e.g., Burp Suite, and basic C2 listeners)
  • Remediation Support: Provide direct technical guidance to engineering teams on how to patch vulnerabilities like XSS, SQLi, and IDOR
  • Adversary Emulation: Design and lead multi-week Red Team operations that mimic specific threat actors (APTs) to test the SIRT detection capabilities
  • Custom Exploit Development: Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth
  • AI Red Teaming Architecture: Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for models related to sensitive data leakage
What we offer
What we offer
  • competitive pay
  • generous time off
  • ample parental and wellness leave
  • healthcare
  • a retirement savings program
Read More
Arrow Right

Member Of Technical Staff - Security Engineer

Copilot is becoming an agentic system: it can plan, reason, and take actions acr...
Location
Location
United States , Redmond
Salary
Salary:
139900.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years of experience OR Master’s Degree AND 4+ years of experience OR Bachelor’s Degree AND 6+ years of experience in security engineering, secure software development, large-scale computing, threat modeling, or applied security analytics, including experience designing or building systems to detect, prevent, or mitigate security threats, or equivalent experience.
Job Responsibility
Job Responsibility
  • Design and build secure, high‑performance platform components that support Copilot’s agentic workflows across cloud and device environments
  • Develop novel security mechanisms for agentic AI systems, including real‑time intent validation, information‑flow controls, isolation boundaries, and abuse‑resistant orchestration
  • Eliminate entire classes of vulnerabilities by creating secure‑by‑default APIs, sandboxing layers, and hardened system interfaces
  • Build and operate offensive security tooling and agents that continuously probe Copilot’s autonomy, reasoning paths, and trust boundaries
  • Partner closely with AI researchers, platform engineers, and product teams to translate research and prototypes into production‑ready security features
  • Write high‑quality, well‑tested code across backend services, platform layers, and AI‑adjacent systems
  • Use telemetry, signals, and data‑driven analysis to detect abuse, anomalous agent behavior, and emerging threat patterns
  • Navigate ambiguity, make sound engineering tradeoffs, and ship iteratively in a fast‑paced product environment
  • Contribute to a culture of high ownership, technical excellence, and inclusive collaboration.
  • Fulltime
Read More
Arrow Right

Staff Security Engineer

Credit Genie is a mobile-first financial wellness platform designed to help indi...
Location
Location
United States , New York, NY; Philadelphia, PA; Plymouth Meeting, PA; Pittsburgh, PA; San Francisco, CA
Salary
Salary:
150000.00 - 250000.00 USD / Year
creditgenie.com Logo
Credit Genie
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • BS/MS/PhD in a Computer Science, Engineering or related scientific field or equivalent professional experience
  • Passionate about advocating for and implementing solutions to complex problems, at-scale, in a large multi-cloud environment
  • Prior experience in Development Operations, Software Engineering, Systems Engineering, Security Architecture, Cloud Security or Offensive Security
  • Fluent in one or more modern coding languages (Python, Go, Java, JavaScript, etc.)
  • Experience with one or more infrastructure as code tools (Terraform, Ansible, etc.)
  • Experience with AWS, GCP, Azure and/or containers (e.g. Kubernetes)
  • Able to work both independently and collaboratively, willing to work in a fast paced, high growth environment
Job Responsibility
Job Responsibility
  • Design new and improve existing security tools, ensure their operational reliability, adherence to SLAs, and strengthen the organization’s security posture through proactive monitoring and continuous improvement
  • Drive innovation by automating security processes and developing advanced methods for analyzing and responding to security findings
  • Maintain and refine custom cloud security baselines, develop and implement cloud security policies and detection rules. Build security controls that detect, prevent, and correct cloud vulnerabilities
  • Collaborate closely with engineering teams to ensure security is embedded into solution design and deployment from the ground up
  • Empathize with the full spectrum of our customers and our engineers by advocating for effective solutions that scale with the needs of our business and our customers
  • Lead threat modeling, vulnerability assessments, and penetration testing to identify and address security risks proactively. Monitor security logs and alerts to detect anomalies and coordinate incident investigations
  • Develop and maintain incident response plans, ensuring rapid detection, analysis, and mitigation of security threats
What we offer
What we offer
  • Offers Equity
  • Offers Bonus
  • 100% company-paid medical, dental, and vision coverage for you and your dependents on your first day of employment
  • Receive up to $100 per month in fitness reimbursement or enjoy a complimentary full membership to LifeTime Fitness or Equinox
  • 401(k) with a 3.5% match and immediate vesting
  • Meal program available for both lunch and dinner
  • Pre-tax benefits, including a $1,000 HSA match
  • Life and accidental insurance
  • Flexible PTO
  • Fulltime
Read More
Arrow Right

Senior Staff Cloud Security Engineer

GEICO is seeking a Senior Staff Cloud Security Engineer to provide strategic and...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle
Salary
Salary:
130000.00 - 260000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Deep technical expertise in public and private cloud compute infrastructure and cloud native technologies
  • Previous successful projects that iteratively transitioned legacy security models to next generation solutions
  • Deep technical knowledge of security threats, risks, and vulnerabilities within IaaS, PaaS, and SaaS environments and integrations
  • Experience in offensive and defensive security roles, with a strong hacker approach to guiding cloud security decisions
  • Experience communicating and presenting to senior and junior staff with the ability to influence stakeholders
  • Experience in a multi-platform environment with containerized or VM-based Linux and Windows
  • Experience with Container risk monitoring at both build and runtime
  • Experience with solving security control requirements with engineering approaches
  • Ability to excel in a fast-paced, startup-like environment
  • Ability to design, perform experiments, and influence security detection and protection solutions
Job Responsibility
Job Responsibility
  • Provide strategic and technical security direction in designing, implementing, and managing secure cloud infrastructures
  • Develop and maintain expertise in cloud-native security solutions, including container security, Kubernetes, Istio, and cloud networking and security services
  • Define and implement roadmaps for security enhancements, ensuring alignment with business objectives and minimal disruption to operations
  • Develop strong relationships with key stakeholders, including development teams, operations teams, and executive sponsors
  • Collaborate with various teams to design, deploy, troubleshoot, and enhance security measures, while balancing usability and security
  • Influence and educate staff at all levels on cloud security best practices, promoting a culture of cloud security awareness across the organization
  • Proactively identify opportunities to enhance security measures, streamline processes, and optimize tooling, leveraging an offensive security mindset
  • Support continuous improvement of our cloud security posture through innovative solutions
  • Mentor/train growing security engineers and provide technical direction and project leadership
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Staff Product Security Engineer

We’re seeking a Staff Product Security Engineer with deep AI/ML security experti...
Location
Location
United States , San Francisco
Salary
Salary:
250000.00 - 285000.00 USD / Year
crusoe.ai Logo
Crusoe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8-10 years of deep hands-on experience in offensive security, including manual penetration testing, red team operations, and adversary simulation
  • Familiarity with modern C2 frameworks (e.g., Cobalt Strike, Sliver, Havoc), exploit development, and security research
  • Strong expertise across the AI/ML stack, including MLOps, inference architectures, vector databases, RAG, and agentic frameworks (e.g., ReAct, Reflexion)
  • Experience building, deploying, and securing LLM pipelines and AI workflows in Kubernetes and/or bare-metal environments
  • Strong software engineering foundations with experience shipping production code in Go, Python, or Rust
  • Hands-on experience securing Kubernetes, containers, VMs, and CI/CD environments
  • Deep understanding of application security vulnerabilities, secure coding practices, and distributed system design
  • Demonstrated ability to lead complex, cross-functional security initiatives end-to-end
  • Strong communication skills with the ability to influence both engineering teams and executive stakeholders
Job Responsibility
Job Responsibility
  • Performing advanced manual penetration testing across complex applications, infrastructure, Kubernetes environments, and distributed microservice ecosystems
  • Leading offensive security initiatives including red team operations, adversary simulation, and security research
  • Securing AI/ML systems end-to-end, including LLM pipelines, vector databases, RAG architectures, and agentic workflows
  • Identifying and researching novel attack surfaces unique to LLMs and autonomous systems, contributing to internal and external AI security research
  • Influencing secure system design across the SDLC, embedding security into CI/CD pipelines, container images, and deployment workflows
  • Integrating and operationalizing security tooling (SAST, DAST, SCA, container scanning) and driving remediation of complex application-layer vulnerabilities
  • Building internal security guardrails such as hardened base images, reusable libraries, and policy-as-code frameworks
  • Developing production-grade security tooling and leading cross-functional security programs from design through deployment
What we offer
What we offer
  • Bonus
  • Restricted Stock Units are included in all offers
  • Fulltime
Read More
Arrow Right

Staff Platform Security Engineer

Fivetran is building data pipelines to power the modern data stack for thousands...
Location
Location
United States , Oakland
Salary
Salary:
196033.00 - 245041.50 USD / Year
fivetran.com Logo
Fivetran
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Application Security Expertise: Deep expertise in identifying and mitigating security vulnerabilities within applications (e.g., OWASP Top 10), particularly in Java codebases.
  • Secure SDLC: Extensive experience integrating security into the software development lifecycle, from design and code review to testing and deployment.
  • Java Proficiency: Senior-level experience with Java codebases: building, running, profiling, and optimizing Java applications in secure environments.
  • Container Security: Strong experience with Docker image creation, optimization, and vulnerability mitigation, specifically for applications.
  • CI/CD & Automation: Proficiency with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions) and experience integrating security tools into automated pipelines.
  • Tooling Familiarity: Familiarity with a range of security tools for CI/CD security, static analysis (SAST), dynamic analysis (DAST), dependency analysis (SCA), and secrets management.
  • Adversarial AI & Defense: Familiarity with modern attack techniques, offensive security methodologies, and defense strategies, including OWASP Top 10 for LLMs (e.g., Prompt Injection, Data Poisoning, and Model Inversion).
  • Scripting: Proficiency in scripting or programming languages (e.g., Bash, Python, Go) to automate security processes and tool integration.
  • Problem-Solving: Excellent problem-solving and troubleshooting skills, with the ability to work independently in fast-paced environments.
  • Communication: Strong communication skills with the ability to effectively collaborate with and educate engineering teams on security principles and best practices.
Job Responsibility
Job Responsibility
  • Collaborate with engineering teams to integrate and manage security tooling within the SDLC, strategically automating security checks and feedback loops to enhance efficiency and security posture.
  • Perform vulnerability scanning and participate in penetration testing exercises, automating scanning processes judiciously to identify common weaknesses, while reserving manual efforts for complex and nuanced assessments. Report findings and assist with remediation efforts.
  • Develop and maintain automation scripts and infrastructure-as-code for security checks related to machine configurations, container images, IAM policies, firewall rules, and cloud storage policies.
  • Implement and configure security controls within enterprise applications based on security best practices and architectural guidance.
  • Contribute to threat modeling efforts by providing technical insights and implementing identified security controls.
  • Work directly with engineering teams to troubleshoot and resolve security challenges across the stack while promoting a security-first mindset, identifying and automating recurring troubleshooting steps or remediation processes where it significantly improves response times and reduces manual intervention.
  • Implement and operationalize security solutions for cloud-native and hybrid infrastructure based on architectural guidelines.
  • Collaborate with infrastructure and cloud security teams to implement and maintain security controls across the entire technology stack, strategically prioritizing automation for consistent enforcement, monitoring, and alerting to improve overall security and reduce manual overhead.
  • Implement and manage security assessment tools, including vulnerability scanners, SIEM agents, DLP endpoints, and EDR sensors.
  • Participate in security assessment reviews by providing practical implementation feedback and identifying potential operational challenges.
What we offer
What we offer
  • 100% employer-paid medical insurance*
  • Generous paid time-off policy (PTO), plus paid sick time, inclusive parental leave policy, holidays, and volunteer days off
  • RSU stock grants*
  • Professional development and training opportunities
  • Company virtual happy hours, free food, and fun team-building activities
  • Monthly cell phone stipend
  • Access to an innovative mental health support platform that offers personalized care and resources in areas such as: therapy, coaching, and self-guided mindfulness exercises for all covered employees and their covered dependents.
  • Fulltime
Read More
Arrow Right