Finance of America · 4 months ago
Offensive Security Engineer II
Finance of America is a company focused on helping homeowners unlock their retirement potential through innovative financial solutions. The Offensive Security Engineer II is responsible for application security testing, adversary simulation, and cloud security research, emphasizing adaptability and security while collaborating with blue teams to validate defenses.
Banking · Financial Services · Lending
Responsibilities
Conducts penetration tests and threat simulations across applications, infrastructure, and cloud environments (AWS and Azure)
Performs application security reviews, including secure code review and SAST/DAST configuration in CI/CD pipelines
Supports red and purple team exercises, using tactics aligned with the MITRE ATT&CK framework, to measure and improve SOC readiness
Researches and tests emerging threats, vulnerabilities, and exploitation techniques, including those targeting cloud and AI/ML applications
Partners with development, cloud, and SOC teams to communicate risks and recommend practical remediation strategies
Creates or adapts custom offensive tools and scripts to support testing scenarios
Documents and clearly communicates technical findings to both technical and non-technical audiences
Conducts security research and attends trainings, conferences, and capture-the-flag (CTF) events
Performs other duties as assigned
Qualification
Required
Minimum 3 years of experience in offensive security, penetration testing, or application security
Proficiency in web application security testing (e.g., OWASP Top 10, business logic flaws, authentication/authorization bypasses)
Familiarity with cloud security testing in AWS (IAM, S3, EC2, Lambda, etc.); exposure to Azure strongly preferred
Knowledge of AI/ML application security testing, including risks such as prompt injection, data poisoning, and model extraction preferred
Scripting proficiency in Python, PowerShell, or Bash
Strong understanding of operating systems (Linux, Windows, macOS) and networking protocols
Experience with CI/CD pipeline security integration (e.g., Azure DevOps, GitHub Actions)
Exposure to adversary simulation tooling (e.g., C2 frameworks like Cobalt Strike, Sliver, Mythic)
Familiarity with the MITRE ATT&CK framework and its application to offensive testing
Strong written and verbal communication skills, with the ability to explain technical findings clearly to developers, engineers, and non-technical stakeholders
Ability to exercise judgment when policies or precedents are incomplete or not well-defined
Self-motivated, driven, and passionate about cybersecurity, with a continuous learning mindset
Bachelor's Degree or comparable qualifications in Computer Science, Cybersecurity, or related field
Preferred
Exposure to Azure strongly preferred
Knowledge of AI/ML application security testing, including risks such as prompt injection, data poisoning, and model extraction preferred
Scripting proficiency in Python preferred
Certifications such as OSCP, OSWE, OSEP, GXPN, or CRTO preferred
Prior experience collaborating with SOC and IR teams in purple team exercises
Benefits
Health
Dental
Vision
Life insurance
Paid time-off benefits
Flexible spending account
401(k) with employer match
ESPP
Company
Finance of America
Finance of America Reverse LLC dba Finance of America (NMLS 2285) is the consumer brand and reverse mortgage operating subsidiary of its parent company, Finance of America Companies Inc.
Funding
Current Stage: Public Company
Total Funding: $300M
Key Investors: Blue Owl, Blackstone Tactical Opportunities
2025-12-11 · Post IPO Equity · $50M
2021-04-05 · Post IPO Equity · $250M
2021-04-05 · IPO
Company data provided by Crunchbase