Key skills
AWSCloudKubernetesAILLMClaudeCI/CDLeadershipCommunicationOWASPPenetration TestingCloud Security
About this role
Role Overview
- Perform deep, context-aware penetration testing of web applications, APIs, endpoint agents, thick clients, identity systems, and cloud-native services.
- Build AI-powered threat hunting skills and fuzz factory plugins using Claude and Codex.
- Develop working proof-of-concept exploits for discovered vulnerabilities that demonstrate real impact in the product's deployment context.
- Validate vulnerabilities from all sources, confirm exploitability, assess severity in context, and deliver specific fix recommendations to engineering teams grounded in the codebase and deployment model.
- Partner with Cyber Defense and Security Architects to translate offensive findings into defensive capabilities.
- Build and maintain AI-driven security testing tooling integrated into CI/CD pipelines.
- Participate in threat modeling exercises alongside Product Security Architects.
Requirements
- 5+ years in Product Security, or Penetration Testing with direct hands-on testing and exploit development
- Strong expertise in web application and API security: authentication/authorization, session management, input validation, cryptography, injection attacks, deserialization, SSRF, and privilege escalation
- Proficiency with penetration testing tools and methodologies (Burp Suite, custom scripts, fuzzing frameworks) combined with manual exploit validation
- Hands-on experience using LLM platforms (Claude, Codex, or similar) to build security testing workflows, generate test cases, analyze code, or develop exploits
- Experience building custom security tooling: fuzzers, scanners, exploit frameworks, or automation that goes beyond configuring off-the-shelf products
- Strong understanding of common vulnerability classes (OWASP Top Ten, API Security Top Ten, CWE) and how they manifest in real production applications
- Experience collaborating with defensive security teams (SOC, Cyber Defense, IR) to translate offensive findings into detection and monitoring capabilities
- Understanding of cloud security fundamentals (preferably AWS) and CI/CD pipeline security
- Strong communication skills: you can explain a complex exploitation chain to an engineering team and deliver a clear risk narrative to leadership
- Preferred: Experience building AI-native security workflows, threat hunting agents, or automated fuzzing pipelines using LLM platforms
- Background in securing endpoint technologies, identity systems, privileged access management, or enterprise security platforms
- Experience with mobile application security testing and thick client assessments
- Familiarity with container security, Kubernetes security, and infrastructure-as-code scanning
- Experience working with bug bounty programs, vulnerability disclosure programs, or coordinated disclosure
- Professional certifications such as OSWE, OSCP, GWAPT, GPEN, or equivalent hands-on credentials
- Contributions to security research, open-source security tooling, or published vulnerability disclosures
Tech Stack
- AWS
- Cloud
- Kubernetes
Benefits
- Flexibility
- Professional development opportunities
- Health insurance
- Paid time off
- Equipment allowances
- Wellness programs