As a Security Engineer at Offchain Labs, you will emulate the real-world tactics, techniques, and procedures of sophisticated adversaries to surface vulnerabilities across our infrastructure and ecosystem tools.
You’ll run hands-on penetration tests, lead red team exercises, and work side-by-side with blue team partners to test, refine, and strengthen detection and response capabilities.
Your efforts will directly shape how Offchain Labs designs, launches, protects, and achieves compliance for the infrastructure that powers millions of users and applications - including key standards such as SOC 2.
What you'll do:
Conduct comprehensive penetration tests and code audits across cloud environments (AWS), internal infrastructure, and backend applications.
Collaborate with detection engineering, threat intelligence, and incident response groups to review security controls, uncover coverage gaps, and enhance overall detection quality.
Build, maintain, and evolve custom offensive tools, scripts, and automation frameworks to increase assessment speed.
Offer offensive security expertise during incident investigations, including log analysis and root cause reviews.
Keep up with evolving threats, vulnerabilities, and attack methods; share research internally and engage with the wider security community.
Own offensive security projects from start to finish, mentor junior team members, and cultivate a culture of ongoing learning and knowledge exchange.
What you'll need:
5+ years of experience in offensive security, penetration testing, red teaming, or a closely related field.
Mastery of AWS & specific attack techniques and configuration weaknesses.
Solid understanding of adversary tactics and frameworks like MITRE ATT&CK.
In-depth knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability categories.
Proficiency using offensive security tools such as Burp Suite, Cobalt Strike, or equivalent frameworks
Strong programming skills in Python, Go, or similar languages, with proven experience developing tools or automation.
Excellent written and verbal communication skills, with the ability to present complex technical details as clear, risk-focused recommendations
A natural ability to think like an attacker - creative, determined, and skilled at assessing risk across complex systems
Perks:
Remote-first global workforce + NY office
Annual company offsite + team onsites
Professional reimbursement program (facilitates industry conference attendance, certifications, and more)
Medical, dental & vision coverage (US + some other countries)
401k retirement plan + company match (US only)
Wellness stipend
Home office set up / ergonomic equipment program
Senior Security Engineer (Offensive) | Entireless Jobs
