Senior Offensive Security Engineer (Team Lead)

Key Responsibilities:

• Architect and execute advanced red team simulations mimicking nation-state adversaries
• Lead a team of 2–3 engineers in delivering penetration tests projects
• Reverse-engineer mobile applications (APK/iOS IPA) to identify cryptographic flaws, insecure data storage, and insecure communication
• Assess web applications and APIs for vulnerabilities such as insecure deserialization, broken authentication, and excessive data exposure.
• Familiarity with standards like OWASP Top 10, SANS Top 25 etc
• Contribute to internal tooling by writing exploits, automation scripts, and vulnerability scanners

Qualifications:

• Preferred Certifications: OSCP, CRTO, CRTP, OSWE, eCPPT, CREST CRT, eWPTX, or SANS GPEN/GWEB
• Proven track record leading teams in penetration testing (web applications, APIs, networks)
• Proven experience leading red team operations
• Expertise in mobile penetration testing (e.g., OWASP MSTG, Magisk, Xposed)
• Strong network and web skills: DNS tunneling, exploit development (Metasploit), and API & web threat modeling
• Familiarity with cloud environments (AWS/Azure misconfigurations, IAM attacks)

Preferred Skills:

• Programming proficiency in Python, Go, Rust, or Java for exploit development
• Experience with cloud security assessments and incident response
• Knowledge of DevSecOps practices and integration of security into CI/CD pipelines will be additional bonus
• Strong analytical and problem-solving skills with the ability to think creatively and adapt to new challenges