WebApp Offensive Security Engineer

about 4 hours ago

Remote, United StatesMid Level / Senior

Base Salary

$196k - $242k/yr

Responsibilities

Perform hands-on, full-scope web application penetration tests against real customer applications.
Review NodeZero results to identify coverage gaps and missed opportunities.
Manually reproduce and validate edge cases, building reliable proof-of-concept exploits.
Partner with software engineers to translate findings into product improvements.
Build and maintain a library of regression and benchmark test cases.
Monitor production pentests for missed findings and create Jira tickets for resolution.
Work with customers and internal teams to investigate findings and explain attack paths.
Author technical blog posts and research write-ups on new exploits and methodologies.
Mentor teammates and contribute to team process improvements.

Extensive hands-on experience conducting full-scope web application penetration tests.
Deep knowledge of web vulnerability classes such as SQL injection and XSS.
Ability to find and exploit business-logic and edge-case flaws.
Strong command of proxy tools like Burp Suite and browser developer tools.
Comfort scripting to reproduce findings and build proof-of-concept exploits.
Ability to communicate attack steps and remediation guidance clearly.
Curiosity about emerging AI technologies and comfort using AI-assisted tools.
Strong written and verbal communication skills.
Ability to manage multiple priorities and mentor teammates.
History of recognized security research and successful bug bounty contributions.

Inclusive team culture that values diversity.
Growth opportunities within a dynamic and growing team.
Collaborative environment that encourages creativity.
Hybrid and remote work options available.
Competitive salary, equity, and comprehensive benefits including health, vision, and dental insurance.