Offensive Security Engineer jobs in United States

Casco (YC X25) · 5 months ago

Offensive Security Engineer

Casco is a fast-growing startup focused on shaping the future of security testing. They are seeking an exceptional Offensive Security Engineer to conduct sophisticated manual penetration tests and work alongside automated red teaming systems, bridging the gap between human expertise and AI-driven security assessment.

Artificial Intelligence (AI), Cyber Security, Software Engineering
No H1B

Responsibilities

Execute comprehensive, white-glove manual penetration tests across web applications, APIs, cloud infrastructure, and network environments
Review, validate, and enhance findings generated by our agentic red teaming platform
Develop custom exploits, tools, and methodologies to identify complex security vulnerabilities
Contribute to the development of security-focused software and tooling within our engineering team
Collaborate with our engineering team to improve and refine our automated security testing capabilities
Produce detailed, actionable security assessment reports with clear remediation guidance
Partner with customer engineering teams to ensure security findings are properly understood and addressed
Research emerging attack vectors, particularly those involving AI/LLM systems and applications
Drive innovation in offensive security methodologies, especially at the intersection of traditional pentesting and AI-assisted security assessment
Mentor team members on advanced penetration testing techniques
Contribute to the company's security strategy and roadmap
Participate in the continuous improvement of our security testing frameworks and processes

Qualification

Penetration testing, AI/LLM security, OWASP Top 10, Penetration testing tools, Software engineering, Cloud security, Network penetration testing, API security testing, Hacker mindset, Self-directed, Communication excellence, Continuous learner, Collaborative spirit

Required

3+ years of professional penetration testing or offensive security experience with a proven track record of identifying critical vulnerabilities
Hands-on experience with AI/LLM security, including prompt injection, model manipulation, data poisoning, or other AI-specific attack vectors
Strong software engineering skills with proficiency in at least two programming languages, including TypeScript
Deep understanding of OWASP Top 10, MITRE ATT&CK framework, and modern attack methodologies
Experience with common penetration testing tools (Burp Suite, Metasploit, Cobalt Strike, custom tooling)
Expertise in at least two of the following domains: Web application security, Cloud security (AWS, Azure, GCP), Network penetration testing, API security testing

Preferred

Experience building or contributing to security tools and frameworks
Knowledge of machine learning security, adversarial ML, or AI red teaming
Relevant certifications (OSCP, OSWE, OSEP, GPEN, or equivalent)
Experience with container security and Kubernetes environments
Background in vulnerability research or exploit development
Contributions to open-source security projects
Experience working in fast-paced startup environments

Benefits

Equity package with high growth potential
Annual allocation for training, certifications, and conferences
Access to the latest tools and technologies

Company

Casco (YC X25)

Casco validates security, safety, and accuracy of AI apps and agents. Continuously.

Funding

Current Stage: Early Stage
Total Funding: unknown
2025-06-15: Seed

Leadership Team

Rene Brandel, Founder & CEO
Ian Saultz, Founder & CTO
Company data provided by Crunchbase