Greenlight

Staff Offensive Security Engineer

onsite staff full-time

First indexed 18 Jun 2026

Description

Greenlight is seeking an experienced offensive security engineer to drive the strategy for its security programme. As a staff member, you will partner with engineering teams to build a world-class security programme.

Responsibilities

  • Define the long-term vision for offensive security at Greenlight, focusing on continuous security validation rather than point-in-time testing.
  • Design and execute complex, multi-stage adversary simulations targeting cloud infrastructure (AWS), mobile applications (iOS/Android), and internal corporate environments.
  • Conduct deep-dive research into high-risk areas of the ecosystem, identifying zero-day vulnerabilities or sophisticated logic flaws missed by automated tools.
  • Collaborate with DevOps and Engineering to build automated security guardrails and 'self-healing' infrastructure preventing common attack vectors.
  • Support incident response by working with the Detection and Response team to improve monitoring capabilities through 'purple team' exercises validating alert coverage.
  • Mentor senior and mid-level engineers, promoting a culture of security-minded development across the R&D organisation.

Requirements

  • 8+ years of experience in offensive security, red teaming, or penetration testing with a proven track record of discovering critical vulnerabilities in complex environments.
  • Expertise in cloud native security, particularly AWS security architecture, including IAM bypass techniques, container escapes (Kubernetes), and serverless security.
  • Application security knowledge, including manual code review (Node.js, Python, or Go) and bypass techniques for modern web and mobile security controls.
  • Ability to script in Python, Bash, or Go to automate exploitation chains or integrate security testing into CI/CD pipelines.
  • Strategic communication skills to convey complex technical risks to executive stakeholders while maintaining trust with software engineers.
  • Optional but valuable certifications: OSCP/OSCE, GXPN, or equivalent demonstration of deep technical skill.

Ideal Candidate

  • An ethical hacker at heart, curious, persistent, and adept at finding creative solutions to bypass traditional security controls.
  • A collaborative partner who believes that 'breaking things' is only half the job and who sees value in helping the team build stronger security.
  • An owner mindset, taking pride in work and feeling responsible for the safety of families and their finances.
This listing is enriched and indexed by YubHub. To apply, use the employer's original posting: https://jobs.lever.co/greenlight/4ff67437-ab0b-48f2-9e52-3066e9460277