Offensive Security Engineer, Offensive Security

View full description

Requirements:

• A Bachelor’s degree in Computer Science, Computer Engineering, or a related field.
• Relevant security certifications (e.g., OSCP, GPEN).
• Experience in programming languages such as Go, JavaScript, Python or Ruby.
• 2+ years of experience in application security, bug bounty triage, or offensive security roles.
• Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25)
• Experience with bug bounty programs and platforms.
• Strong analytical skills to identify trends and patterns in bug bounty submissions.
• Excellent communication skills to effectively communicate with researchers and internal teams.
• Passion for security and a drive to improve bug bounty program efficiency and effectiveness.
• Ability to work independently and take ownership of the bug bounty program.

Responsibilities:

• Participate in bug bounty triage and validation, ensuring timely and accurate assessments.
• Develop and implement strategies to incentivize and attract high-quality bug bounty submissions.
• Help manage the bug bounty program, including scope updates, researcher communication and bug bounty payout disbursements.
• Analyze bug bounty data to identify trends, common vulnerabilities, and areas for security improvement.
• Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program.
• Mentor and train junior security engineers in bug bounty triage and analysis.
• Provide on-call support for critical bug bounty related incidents.
• Document and report on bug bounty metrics and program effectiveness.
• Conduct internal penetration testing engagements on web and mobile applications and services.
• Participate in red team activities to identify weaknesses in security controls, as well as network and application-level security boundaries.