https://www.linkedin.com/jobs/view/4324137632

About the job

Key Responsibilities
- Simulate real-world attacker tactics, techniques, and procedures (TTPs) to assess and improve the security posture of applications, APIs, and infrastructure.
- Identify, exploit, and document vulnerabilities in products and supporting systems using both manual techniques and automated tools.
- Develop and execute custom attack scenarios, including phishing, social engineering, and lateral movement campaigns, to test organizational defenses.
- Prepare comprehensive assessment reports, including reproduction steps and actionable remediation guidance for engineering teams.
- Stay current with the latest security threats, adversary methodologies (e.g., MITRE ATT&CK framework), and offensive security tooling.
- Assist in simulating adversary attacks to identify vulnerabilities and logic flaws in web and product features.
- Help develop automation scripts, tools, and documentation to support security testing activities.
- Continuously learn and apply the latest security testing techniques, tools, and industry best practices.

Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent experience.
- 5+ years of experience in offensive security, penetration testing, or red teaming.
- Solid understanding of basic networking, web technologies, and computer systems.
- Familiarity with at least one scripting or programming language (e.g., Python, JavaScript, Bash, PowerShell).
- Demonstrated interest in cybersecurity (capture the flag participation, open-source contributions, hacking challenges, security coursework, etc.).
- Strong problem-solving and communication skills.
- Eagerness to learn and adapt in a fast-paced security environment.

Preferred Qualifications
- Certifications such as CCRT(S), OSEP, GPEN, OSCP, SANS SEC565.
- Knowledge of common attack patterns, OWASP Top 10, or cloud security basics.
- Contributions to the security community in the form of research, CVEs, tools, or publications.