Senior Offensive Security Engineer
Bengaluru; This position will have working hours of 1:00 PM to 10:00 PM IST (Indian Standard Time) and will allow for a mixture of in-office and work from home., 1:00 PM to 10:00 PM IST (Indian Standard Time)Full-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
- Experience
- 10+ years of related experience; 7+ years of hands-on experience in offensive security
- Required Skills
- AWSPythonBashGoScripting
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience with 10+ years of related experience.
- 7+ years of hands-on experience in offensive security, with a strong background in penetration testing, red teaming, or application security.
- Operational Cloud Expertise: 3-5 years of hands-on experience operating in, managing, or performing manual penetration tests of cloud infrastructure (AWS preferred), with a deep understanding of cloud-native attack vectors (e.g., IAM exploitation, container escapes, and serverless security).
- Expert-level knowledge in managing the lifecycle of penetration testing engagements and a proven track record of driving remediation efforts in a complex, multi-team environment.
- Deep and practical understanding of common and advanced vulnerability classes (OWASP Top 10 and beyond) and the ability to architect solutions to remediate them at scale.
- High proficiency in one or more scripting languages (e.g., Python, Go, Bash) for advanced tool development and automation of complex tasks.
- Exceptional communication and interpersonal skills, with a demonstrated ability to influence technical and non-technical stakeholders at all levels, including senior leadership.
- A proven history of mentorship and a passion for elevating the skills of those around you.
Responsibilities
- Lead Offensive Security Engagements: Own and execute complex, end-to-end internal penetration tests against Bazaarvoice's most critical applications, infrastructure, and cloud environments. You will simulate advanced, multi-stage attack scenarios to uncover systemic security weaknesses before they can be exploited.
- Program and Tooling Enhancement: Take a lead role in defining the strategy for our offensive security capabilities. You will research, prototype, and implement new tools, techniques, and automation to mature our testing processes and keep pace with the evolving threat landscape.
- Strategic Third-Party Penetration Test Management: Act as the primary technical lead for our third-party penetration testing program. You will not only manage the engagement lifecycle but also define the strategic direction of our testing roadmap, ensuring we partner with providers to target the highest-risk areas of our business.
- Bug Bounty Program Leadership: Design, lead, and operate all aspects of our bug bounty program, serving as the technical interface for third-party researchers and coordinating internal responses to submitted vulnerability findings, ensuring clear communication and timely resolution.
- Mentorship and Technical Leadership: Mentor junior team members and act as a security champion and trusted advisor to engineering teams. You will elevate the security knowledge across the organization by leading training sessions, developing secure coding guidelines, and providing expert consultation on secure architecture.
- Threat Modeling: Proactively engage with development teams early in the SDLC to conduct threat modeling exercises, helping them build more secure products from the ground up.
View Full Description & ApplyYou'll be redirected to the employer's site
