Offensive Security Engineer

Sector: Financial ServicesLocation: Fully remote (within Poland)Type: B2B Freelance contractDuration: 6 months (extensions available for 2+ years)Rate: Market rate (competitive)What You Will DoAs a Senior Offensive Security Engineer, you will be at the forefront of safeguarding our digital infrastructure and customer data. This position demands a blend of hacking skills, creativity, and a deep understanding of cyber threats. You will simulate sophisticated cyber attacks to identify vulnerabilities, ensuring our resilience against real-world threats. Collaborating with cross-functional teams, you will provide actionable insights to fortify our security posture.• Conduct white-box and black-box penetration testing against internal and public-facing applications and assets• Manage, triage, and investigate Bug Bounty submissions and external pentest findings• Perform variant analysis on issues discovered through all channels• Research and perform security analyses on our 3rd-party solutions• Develop tooling to support reconnaissance, automation, and metrics collection• Provide expert guidance to developers, other product security teams, and the SOC in investigating issues• Spread awareness of offensive security practices via demos, workshops, and training• Assess the security of our tech stack through whatever means are best suited• Define what we focus on to provide the most value• Help further mature the security programWho You Are• Strong experience with penetration testing and other technical security assessments• Experience identifying security issues in code, particularly within Java and Node.js• Experience with cloud environments, particularly AWS and modern micro-service design principles• Comfortable communicating findings clearly and effectively, with concrete remediation recommendations beyond simple issue reporting• Comfortable scripting and contributing to larger projects in Python• Able to take the initiative and be comfortable taking on projects that contribute to the larger security culture and posture• Industry recognized certifications, e.g., OSCP, OSWE, CREST, GIAC, AWS, et. al• CTF Participation and active contributions to the cybersecurity communitySeniority Level

Mid-Senior level

Industry Financial Services Employment Type

Contract

Job Functions Information Technology Skills

• IT Security Assessments
• Java
• Vulnerability
• Security Operations Center
• Python (Programming Language)
• Penetration Testing
• Node.js