RemoteLeaf Logo
Log in Sign up

Staff Engineer, Offensive Security

2 weeks, 6 days ago
Ireland
Full-time
Lead
Penetration Tester
Software Development
Android AWS Azure Bash Burp Suite C++ iOS Kubernetes Metasploit Network Security Nmap Penetration Testing Python SIEM TensorFlow Wireshark
Apply Now
Twilio

Twilio

Twilio is a cloud communication company that offers Communication APIs for SMS, Voice, Video, and Authentication, empowering developers to embed communication capabilities into their software applications globally.

Diversified Telecommunication Services
5K-10K
Founded 2008
View All Jobs 146

Description

  • Perform manual and automated penetration testing of web applications, APIs, and mobile apps.
  • Conduct internal and external network and cloud security audits using a variety of tools.
  • Triage and validate findings from scanners and bug bounty submissions, escalating true positives and eliminating false positives.
  • Run prompt injection and jailbreak testing against AI prototypes, services, and applications using established LLM security checklists.
  • Write detailed technical reports that clearly document the path to compromise and reproducible steps for developers.
  • Maintain and update the team’s testing infrastructure, including Burp Suite and basic C2 listeners.
  • Provide remediation guidance to engineering teams for vulnerabilities such as XSS, SQLi, and IDOR.
  • Design and lead multi-week red team operations that emulate specific threat actors and test detection capabilities.
  • Develop custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth.
  • Build automated testing frameworks for AI systems to evaluate risks such as sensitive data leakage.
  • Execute sophisticated attacks against AWS, Azure, and Kubernetes environments with a focus on IAM misconfigurations and container escapes.
  • Collaborate with SIRT and Detection Engineering to tune SIEM alerts based on engagement techniques.
  • Oversee the organization’s bug bounty program and identify trends that can drive broader architectural security changes.

Requirements

  • 7-10 years of experience in offensive security, penetration testing, AppSec, vulnerability exploitation, or high-volume bug bounty work.
  • Proven track record of finding high- and critical-severity vulnerabilities in complex environments using commercial or custom pentesting tools.
  • Expert knowledge of the MITRE ATT&CK matrix, the OWASP Top 10 for web applications, and the OWASP Top 10 for LLMs.
  • Understanding of post-exploitation techniques including lateral movement, persistence, and data exfiltration, plus adversarial ML.
  • Proficiency with tools such as Burp Suite Professional, Nmap, Metasploit, and Wireshark.
  • Experience with AI security tools such as LangChain and TensorFlow for adversarial testing.
  • Experience using C2 frameworks such as Cobalt Strike, Sliver, or Havoc, or similar tools.
  • Ability to write functional scripts in Python or Bash to automate repetitive testing tasks.
  • Proficiency in coding and scripting with Python and C++ for custom offensive exploit development that avoids signature-based detection.
  • Advanced offensive security certifications such as OSCP, OSEP, OSWE, or GXPN are highly desirable.
  • Telecom experience is preferred.
  • Excellent written and verbal communication skills.
  • Ability to influence and build effective working relationships across all levels of the organization.
  • Proficiency in multiple languages applicable to the region.

Benefits

  • Competitive pay.
  • Generous time off.
  • Ample parental leave and wellness leave.
  • Healthcare benefits.
  • Retirement savings program.
  • Remote work based in Ireland.
  • Approximately 15% travel to support in-person relationship building.
  • Volunteer and donation support to encourage community impact.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Censys

Director of Security/GRC

Censys 51-250 IT Services

Censys is hiring a Director of Security & GRC to lead corporate security, risk, and compliance programs for a remote U.S. team supporting internet intelligence operations.

United States Full-time Executive Penetration Tester Security Engineer
$180k-$237k
AWS Azure Cybersecurity GCP SIEM
1 hour, 12 minutes ago
Rush Street Interactive

Senior Information Security Specialist

Rush Street Interactive 251-1K Hotels, Restaurants & Leisure

Rush Street Interactive is hiring a Senior Information Security Specialist to support the protection of its online gaming platforms, infrastructure, and data through technical security leadership across multiple domains.

Serbia Malta Estonia Full-time Senior Security Engineer
SIEM SOC
1 hour, 50 minutes ago
Arize AI

DevSecOps Engineer (TypeScript & Agentic AI)

Arize AI 51-250 IT Services

Arize AI is hiring a remote IT Support Specialist to support Mac-only endpoints, cloud systems, and compliance operations for a distributed team.

United States Full-time Junior Security Engineer Systems Administrator
Confluence GitHub JIRA TypeScript
3 hours, 2 minutes ago
JMA Wireless

IT Infrastructure Security Operations Engineer

JMA Wireless 251-1K Wireless Telecommunication Services

JMA is hiring an IT Infrastructure Security Operations Engineer in Syracuse, NY to own the day-to-day security posture of its enterprise infrastructure and keep Windows and Linux environments continuously hardened and audit-ready.

United States Full-time Senior Security Engineer
$100k-$120k
Active Directory Ansible Bash Linux PowerShell Puppet Python SIEM
3 hours, 38 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers