- Company Name: Escape
- Job Title: Offensive Security Lead
- Job Description:

Job title: Offensive Security Lead
Role Summary: Lead the offensive security practice, designing and conducting advanced penetration tests, red team operations, and adversary simulations on modern web applications and cloud environments to validate and improve AI‑driven code‑to‑cloud and DAST security scanners. Mentor a small team of red teamers while remaining hands‑on, translating real‑world exploitation tactics into actionable product enhancements and customer education.
Expectations: Deliver high‑quality vulnerability validation, reduce false positives/negatives, and drive continuous improvement of detection logic through research, tool development, and hands‑on penetration testing. Build and scale an internal offensive security capability, set best practices, and maintain active engagement with security researchers, product, and engineering teams.
Key Responsibilities:
- Lead, mentor, and manage a team of 3 red teamers, establishing methodologies, training, and performance standards.
- Design and execute sophisticated penetration tests, red team engagements, and adversary simulations on web apps, APIs, cloud infrastructure, and codebases.
- Collaborate with Security Research to discover novel attack techniques, validate detection logic, and schedule testing initiatives.
- Support enterprise customer engagements by demonstrating exploitation paths, providing proof‑of‑concept attacks, and clarifying risk severity for security leadership.
- Develop realistic attack chains encompassing code‑to‑cloud vulnerabilities and present end‑to‑end exploitation scenarios.
- Validate scanner accuracy by attempting to exploit reported vulnerabilities, identifying false positives/negatives, and refining detection rules.
- Build custom tools, exploits, and automation workflows for continuous security validation and integration into CI/CD pipelines.
- Define offensive security roadmap, prioritize testing programs, and allocate resources to maximize product and customer impact.
- Train Security Engineers, developers, and other stakeholders on offensive security tactics and threat modeling.
Required Skills:
- 4+ years of offensive security experience (penetration tester, red team, security researcher).
- 1+ year leadership or team‑lead experience.
- Proven track record of finding and exploiting real vulnerabilities in production or near‑production environments.
- Proficiency in Python, Go, Bash scripting; ability to write exploits in multiple languages.
- Deep knowledge of modern web application security, REST/GraphQL APIs, cloud‑native infrastructure (AWS, Kubernetes), CI/CD pipelines, and container security.
- Mastery of offensive tools: Burp Suite, Metasploit, Playwright, Pacu, ScoutSuite, and similar frameworks.
- Strong communication, mentoring, and documentation skills, with ability to translate technical findings to non‑technical stakeholders.
- Experience with vulnerability management processes, scanner QA, and false‑positive/negative reduction.
Required Education & Certifications:
- Bachelor’s degree in Computer Science, Information Security, or related technical field (or equivalent practical experience).
- Relevant security certifications (e.g., OSCP, OSCE, GIAC Pen Test, or equivalent) are preferred.