Staff Security Engineer - Corporate Security
- About Our Client:
The organization operates in the offensive security industry, focusing on preventing breaches before they occur. It addresses the challenge of organizations traditionally adopting an "assume breach" mindset by promoting offensive security as a core prevention strategy. The company specializes in identifying root causes of security issues and aims to build a future with uncompromised security. Its work impacts critical organizations by shifting security approaches toward proactive threat mitigation.
- About the Opportunity:
The Staff Security Engineer - Corporate Security leads advanced security assessments and develops new methodologies for security testing across emerging technologies. This role guides security architecture reviews and provides expert technical support to security engineers, enhancing security strategies for complex environments. The position significantly contributes to the organization's mission by improving offensive security capabilities to prevent breaches and strengthen client security postures.
- Responsibilities:
• Lead technical execution of advanced security assessments including staff augmentation, detection engineering, threat hunts, red and purple team engagements, and GRC compliance
• Conduct risk-informed threat modeling, defensive enablement, and tabletop exercises for enterprise-scale systems
• Research new attack vectors and develop exploitation techniques
• Create new methodologies and tools for automated security testing
• Design training programs and develop documentation to upskill security engineers
• Lead security architecture reviews of CI/CD pipelines, cloud, on-premises, hybrid infrastructures, and container platforms
• Provide expert guidance on complex security architecture and design decisions affecting client deliverables
• Host knowledge sharing sessions and Office Hours for broad security education
• Lead technical discovery sessions with stakeholders and advise on testing approaches based on security objectives and environments
- Requirements:
• Master’s degree in Computer Science, Engineering, Cybersecurity, or related field plus 4 years of cybersecurity experience, or bachelor’s degree plus 6 years
• Experience in cloud security architectures with at least two of AWS, Azure, or GCP
• Expertise in product/application security testing (web and mobile) and secure code review
• Proficiency in programming languages including C, Bash, Python, Assembly, Go, PowerShell, and JavaScript
• Skills in external and internal network penetration testing, reverse engineering, vulnerability research, and exploit development
• Familiarity with command and control frameworks such as Sliver, Cobalt Strike, and Mythic
• Experience with threat modeling, attack path mapping, threat hunting, tabletop, and purple team exercises
• Minimum 3 years of experience securing container technologies (Docker) and registry platforms (DockerHub, ACR, ECR, GCR)
• Minimum 3 years securing orchestration technologies (Kubernetes) and cluster management platforms (AKS, EKS, GKE)
• Experience with at least three identity technologies among Azure AD, Auth0, Okta, and Google Identity
• Experience with privilege access management and secrets management platforms
• Minimum 3 years familiarity with security frameworks including MITRE ATT&CK, MITRE D3FEND, NIST CSF, CIS 18
• At least one foundational offensive security certification (e.g., OSCP, PNPT)
• At least one advanced certification (e.g., CRTO, OSEP, CRTL, OSED)
• Domestic travel up to 15% required
• Fully remote position
- Pay Range and Compensation Package:
• The pay range and compensation package for this role will be determined based on the candidate’s experience, skills, and other relevant factors.
Equal Opportunity Statement:
Our client is an equal opportunity employer. They celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, or national origin.
Note:
RemoteHunter is not the Employer of Record (EOR) for this role. Our purpose in this opportunity is to connect exceptional candidates with leading employers. We help job seekers worldwide discover roles that match their goals and guide them to complete their full application directly through the hiring company’s career page or ATS.