Source Job

$155,520–$228,700/yr
US

  • Perform full-stack penetration testing of web applications, APIs, and mobile apps.
  • Conduct internal/external network audits and vulnerability validation.
  • Develop custom exploits, adversary emulation, and AI/LLM security testing.

Python Bash Burp Suite

16 jobs similar to Staff Engineer - Offensive Security

Jobs ranked by similarity.

$100,000–$130,000/yr
US

  • Perform offensive security assessments on cloud infrastructure, web applications, APIs, and traditional networks for clients across various industries.
  • Develop detailed penetration testing documentation and collaborate with teams to integrate security into CI/CD pipelines.
  • Contribute to building a new offensive security service line within a top-rated CPA and advisory firm.

Aprio is a top 20 CPA-led advisory firm serving fast-growing industries with expertise in assurance, tax, and advisory services. The firm has over 3,200 team members across 40+ offices globally, and is recognized as a Best Place to Work with a collaborative culture.

US

  • Lead penetration testing across web apps, APIs, and infrastructure.
  • Deliver detailed reports with proof-of-concept exploitation scenarios.
  • Mentor junior consultants and contribute to security research.

VerTALENTS is a subsidiary of VerSprite Cybersecurity that specializes in technology staffing, connecting top technical talent with clients. They work with clients to fill both full-time and contracting opportunities, adding value to both clients and candidates.

US

  • Plan and execute penetration tests across applications, networks, and cloud infrastructure, producing detailed reports for technical and executive audiences.
  • Own remediation follow-through by translating findings into security engineering work items, and design controls across Azure, Okta, and other platforms.
  • Support ISC2's ISO/IEC 27001 ISMS program and continuously improve detection and hardening through automation and threat intelligence.

ISC2 is a nonprofit member organization for cybersecurity professionals, dedicated to a safe and secure cyber world. With a globally recognized portfolio of certifications and a charitable arm, they advocate for inclusion and excellence, supported by a large, global workforce.

$196,000–$242,000/yr
Global Unlimited PTO

  • Perform hands-on web application penetration tests on real customer applications to find vulnerabilities.
  • Identify coverage gaps in autonomous testing and manually reproduce edge cases for product improvement.
  • Partner with engineers to translate findings into product coverage and build regression test cases.

Horizon3.ai is a cybersecurity company that provides the NodeZero platform for autonomous penetration testing. They are a fast-growing, remote team of former U.S. Special Operations cyber operators, startup engineers, and cybersecurity practitioners committed to a culture of respect, collaboration, ownership, and results.

United States

  • Design, build, and operate an AI-augmented red teaming harness using advanced LLM APIs for autonomous vulnerability discovery.
  • Conduct adversarial testing across external, internal, and privileged perspectives, chaining and validating vulnerabilities.
  • Collaborate with DevSecOps, SOC, and engineering teams to improve security automation and detection workflows.

This company provides a cloud-based platform for highly security-conscious organizations. It fosters a remote-first culture focused on innovation, ownership, and continuous learning.

$192,000–$240,000/yr
United States

  • Perform penetration testing and design reviews to identify vulnerabilities and insecure designs.
  • Maintain and build internal tools to automate security efforts, including SAST and DAST testing.
  • Identify vulnerabilities, demonstrate business impact, and articulate risk to drive prioritization.

Brex is the intelligent finance platform that enables companies to spend smarter and move faster in over 200 markets. With tens of thousands of customers including DoorDash, Coinbase, and Zoom, Brex fosters a diverse and inclusive team culture where collaboration with some of the brightest minds in the industry is key.

United States

  • Perform scoped and open-ended assessments on internal and external facing systems.
  • Perform threat and vulnerability research to identify new ways of achieving the program’s mission.
  • Work with the customer Blue Team to identify gaps, address findings, and improve breach response.

Cyber Advisors is a rapidly growing Cybersecurity Consulting firm that simulates real-world attacks to uncover vulnerabilities. They believe in inclusion, employee development, and have a caring, happy culture where people feel valued.

US 4w PTO

  • Lead application security reviews, threat modeling, and secure code review for new features and significant product changes.
  • Operate and improve SAST, DAST, and SCA tooling, triage findings, and partner with engineering teams to harden the codebase.
  • Plan and execute internal penetration tests against web applications, APIs, and mobile clients, and own the vulnerability management lifecycle.

ButterflyMX empowers people to automate property access, operations, and security from a single platform, serving over 20,000 properties worldwide. As a distributed, primarily remote workforce, they seek intelligent, passionate, and collaborative individuals driven by a shared commitment to excellence and innovation.

Brazil

  • Execute penetration tests across web applications, APIs, and infrastructure environments, gaining autonomy in delivery and execution.
  • Perform security assessments including Web Pentest, API Pentest, and Infrastructure/Active Directory testing.
  • Participate in Red Team exercises, applying Tactics, Techniques, and Procedures aligned with real-world threat scenarios.

Jobgether is an AI-powered job matching platform that connects candidates with hiring companies. It uses technology to ensure fair and efficient application reviews, with a focus on matching top-fitting candidates to roles.

US Unlimited PTO

  • Deliver attack-oriented professional services including penetration testing, red teaming, and social engineering for clients.
  • Author comprehensive assessment deliverables detailing technical execution, core deficiencies, and remediation strategies.
  • Contribute to practice development and marketing initiatives through research, speaking, and tool creation.

GuidePoint Security provides trusted cybersecurity expertise, solutions and services to help organizations minimize risk. The company has over 1,200 employees and focuses on a collaborative, enjoyable workplace atmosphere.

Europe 6w PTO

  • Monitor and test Sporty's entire external attack surface across domains, subdomains, and public IP addresses.
  • Conduct adversary emulation exercises against endpoints to validate EDR/XDR and SOC defenses.
  • Translate offensive findings into actionable defensive improvements and remediation blueprints.

Sporty Group is a remote-first company operating in the sports and gaming industry. It focuses on sustainability and offers a competitive salary with quarterly bonuses and annual retreats.

$82,550–$170,180/yr
UK

  • Lead penetration testing engagements on applications with complex technology stacks, working independently and collaboratively.
  • Contextualize vulnerabilities and assess realistic impact to clients, ensuring quality reports and services are delivered efficiently.
  • Maintain strong depth of knowledge in application security and mentor teammates while collaborating with project managers and delivery teams.

Coalfire is a cybersecurity firm that helps clients navigate complex security challenges through advisory, assessment, and automation services. The company is headquartered in Chicago with offices across the U.S. and U.K., and supports clients worldwide with a team of passionate cybersecurity experts.

$247,000–$275,000/yr
US Unlimited PTO

  • Research Oracle Cloud Infrastructure services and identify offensive security opportunities across the platform.
  • Develop new attack techniques, attack paths, and security assessments targeting OCI environments.
  • Build and maintain production-quality Python code that powers NodeZero attack capabilities.

Horizon3.ai is a remote cybersecurity company that enables organizations to proactively find, fix, and verify exploitable attack vectors with its NodeZero autonomous pentesting platform. They are a team of former U.S. Special Operations cyber operators and engineers, committed to a culture of respect, collaboration, and ownership.

Global Unlimited PTO

  • Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
  • Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
  • Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.

MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.

US 5w PTO

  • Own key security domains such as vulnerability management, application security, API security, and supply chain security.
  • Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows.
  • Develop and improve security tooling and automation to reduce manual effort and leverage AI for triage and detection.

NinjaTrader is an industry-leading trading platform and futures broker that empowers traders with award-winning software and brokerage services. Since 2003, the company has grown to over 2 million users and is the number one rated futures brokerage worldwide, fostering a dynamic culture focused on social connection, professional development, and employee recognition.

Spain

  • Play a key role in protecting and strengthening large-scale cloud-native applications that power next-generation AI infrastructure.
  • Work at the intersection of software engineering and cybersecurity, ensuring security is embedded throughout the software development lifecycle.
  • Collaborate cross-functionally to identify and remediate vulnerabilities in complex distributed systems.

Our partner is a company building large-scale cloud-native applications that power next-generation AI infrastructure. They have a high-impact security engineering environment with a collaborative and innovative culture focused on trust, learning, and impact.