New The Skills of Tomorrow: how AI-exposed is every skill in 2026? See the data →
Astranis

Senior Offensive Security Engineer

Astranis
onsite senior full-time $160,000-$230,000 USD San Francisco
Apply →

First indexed 24 Apr 2026

Description

As a Senior Offensive Security Engineer, you will lead penetration testing and adversarial simulation efforts targeting our applications, cloud infrastructure, and corporate networks. You will emulate real-world attackers to identify weaknesses across the software and IT stack, and work closely with engineering and IT teams to improve our defenses.

Your focus is offensive testing of application and enterprise systems.

Responsibilities:

  • Perform penetration tests of web apps, APIs, backend services, cloud infrastructure, and corporate networks.
  • Conduct threat emulation exercises, red-team scenarios, and targeted attack simulations.
  • Assess CI/CD pipelines, IAM configurations, and internal services for exploitable weaknesses.
  • Lead offensive security initiatives and serve as the organization's primary expert for AppSec and enterprise pentesting.

Security Research & Adversarial Analysis:

  • Track emerging threats, techniques, and vulnerabilities relevant to cloud and enterprise environments.
  • Develop custom exploits or proof-of-concepts as needed to validate findings.

Collaboration & Remediation Support:

  • Work with development, infra, and IT teams to validate controls and guide effective remediation.
  • Provide actionable risk assessments from an attacker's perspective.
  • Contribute offensive insights to secure system design guidance.

General Product Security Support (Secondary):

  • Assist with code review and threat modeling for software components when offensive insights are needed.

Requirements:

  • 5+ years of hands-on offensive security experience (AppSec, cloud, or enterprise penetration testing).
  • Demonstrated experience leading complex penetration tests for web apps, APIs, and cloud platforms.
  • Strong proficiency in offensive tooling (Burp Suite, Nmap, Metasploit, proxy tools, etc.) and manual testing techniques.
  • Familiarity with cloud-native attack vectors (AWS/Azure/GCP).
  • Proficiency in at least one scripting or exploitation-oriented language (Python, Go, JavaScript, etc.).
  • Strong analytical and problem-solving skills with an attacker's mindset.
  • Ability to explain complex technical vulnerabilities to a range of audiences.
This listing is enriched and indexed by YubHub. To apply, use the employer's original posting: https://job-boards.greenhouse.io/astranis/jobs/4623394006