Staff Engineer - Offensive Security
New
T
TwilioCommunications Technology
Remote - USFull-TimeStaff
Salary$155,520.00 - $194,400.00 (CO, HI, IL, MD, MA, MN, VT, DC); $164,640.00 - $205,800.00 (NY, NJ, WA, CA outside SF Bay area); $182,960.00 - $228,700.00 (SF Bay area)
Apply NowOpens the employer's application page
Job Details
- Experience
- 7-10 years
- Required Skills
- PythonBashC++
Requirements
- 7-10 years of experience in offensive security, penetration testing, AppSec, or high-volume bug bounty environments.
- Expert knowledge of the MITRE ATT&CK matrix and OWASP Top 10 for web applications and LLMs.
- Demonstrated ability to write functional scripts in Python or Bash for automation.
- Proficiency in coding and scripting for custom exploit development.
- Experience with popular security tools: Burp Suite Professional, Nmap, Metasploit, Wireshark.
- Experience with C2 frameworks such as Cobalt Strike, Sliver, or Havoc.
- Proficiency with AI security tools like LangChain, TensorFlow, PyRIT, Promptfoo, or Garak.
- Advanced industry certifications such as OSCP, OSEP, OSWE, or GXPN are highly desirable.
- Proven track record of identifying high/critical vulnerabilities in complex systems.
Responsibilities
- Perform manual and automated penetration testing across web, API, and mobile applications.
- Conduct network and cloud-level assessments to identify infrastructure vulnerabilities.
- Design and execute multi-week Red Team operations to emulate threat actors and test detection capabilities.
- Perform AI/LLM probing using established checklists and develop automated testing frameworks for AI systems.
- Draft comprehensive reports detailing paths to compromise and provide remediation guidance to developers.
- Build custom payloads, droppers, and obfuscated scripts to bypass security controls.
- Collaborate with SIRT and Detection Engineering for purple teaming and SIEM alert tuning.
- Oversee the corporate bug bounty program and identify architectural security trends.
View Full Description & ApplyYou'll be redirected to the employer's site