# Staff Offensive Security Engineer

**Company**: Greenlight
**Work arrangement**: onsite
**Experience**: staff
**Job type**: full-time
**Category**: Engineering
**Industry**: Technology

**Apply**: https://jobs.lever.co/greenlight/4ff67437-ab0b-48f2-9e52-3066e9460277?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply
**Canonical**: https://yubhub.co/jobs/job_721a5d99-3f8

## Description

Greenlight is seeking an experienced offensive security engineer to drive the strategy for its security programme. As a staff member, you will partner with engineering teams to build a world-class security programme.

### Responsibilities

- Define the long-term vision for offensive security at Greenlight, focusing on continuous security validation rather than point-in-time testing.

- Design and execute complex, multi-stage adversary simulations targeting cloud infrastructure (AWS), mobile applications (iOS/Android), and internal corporate environments.

- Conduct deep-dive research into high-risk areas of the ecosystem, identifying zero-day vulnerabilities or sophisticated logic flaws missed by automated tools.

- Collaborate with DevOps and Engineering to build automated security guardrails and 'self-healing' infrastructure that prevent common attack vectors.

- Support incident response by working with the Detection and Response team to improve monitoring capabilities through 'purple team' exercises that validate alert coverage.

- Mentor senior and mid-level engineers, promoting a culture of security-minded development across the R&D organisation.

### Requirements

- 8+ years of experience in offensive security, red teaming, or penetration testing with a proven track record of discovering critical vulnerabilities in complex environments.

- Expertise in cloud native security, particularly AWS security architecture, including IAM bypass techniques, container escapes (Kubernetes), and serverless security.

- Application security knowledge, including manual code review (Node.js, Python, or Go) and bypass techniques for modern web and mobile security controls.

- Ability to script in Python, Bash, or Go to automate exploitation chains or integrate security testing into CI/CD pipelines.

- Strategic communication skills to convey complex technical risks to executive stakeholders while maintaining trust with software engineers.

- Optional but valuable certifications: OSCP/OSCE, GXPN, or equivalent demonstration of deep technical skill.

### Ideal Candidate

- An ethical hacker at heart, curious, persistent, and adept at finding creative solutions to bypass traditional security controls.

- A collaborative partner who believes that 'breaking things' is only half the job and sees value in helping the team build stronger security.

- Someone with an owner mindset who takes pride in their work and feels responsible for the safety of families and their finances.

## Skills

### Required
- offensive security
- red teaming
- penetration testing
- cloud security
- AWS security
- container security
- serverless security
- manual code review
- scripting (Python, Bash, Go)
- CI/CD pipeline integration

