Be an early applicantLess than 25 applicants

Company

Praetorian · 2 hours ago

Lead Offensive Security Engineer (Software Security)

United States

Full-time

Remote

Senior Level

$120K/yr - $175K/yr

5+ years exp

Maximize your interview chances

Cloud SecurityCyber Security

Growth Opportunities

No H1B

Hiring Manager

Mandee (Blackwell) Provazek

Insider Connection @Praetorian

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead the technical execution on challenging offensive security projects for our customers

Identify nuanced vulnerabilities in advanced systems

Develop custom methodologies, payloads, exploits, and tools to ensure project success

Develop documentation for novel mitigation strategies to emerging or undocumented security risks identified in client environments

Develop comprehensive reports and presentations for our custom

Serve as a mentor to other engineers in their technical and professional development

Collaborate with the security community to develop novel attack techniques, tactics, and procedures (TTPs) through Praetorian’s Security Blog and other forms of community engagement

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

CybersecurityPNPT certificationOSCP certificationOSWE certificationCloud SecurityProduct Security TestingWeb Application Penetration TestingIoT SecuritySecure Code ReviewReverse EngineeringVulnerability ResearchExploit DevelopmentGolangPythonDockerKubernetesAWSAzureGCPSecrets ManagementAutomotive SecurityNetwork Device SecurityMedical Device SecurityCryptocurrency SecurityFirmware AnalysisWireless ProtocolsCVE AssignmentsSecurity Community EngagementTechnical ReportsTechnical Presentations

Required

Demonstrated passion for cybersecurity

PNPT, BSCP, OSCP, or OSWE certifications

BS in Computer Science, Engineering, Mathematics, or Physics or equivalent experience

5+ years of experience in at least four of the following: Product Security Testing (Application, Mobile, LLM), Cloud Security (AWS, Azure, GCP), Web Application Penetration Testing, IoT Security (Embedded, Firmware, Wireless), Secure Code Review, Reverse Engineering, Vulnerability Research/ Exploit Development

Experience developing payloads, exploits or tools

Understanding of threat models, attack paths and intelligence considerations within the scoping of technical projects

Ability to write technical reports and present technical findings both internally and externally

Experience with startup and/or high-tech companies

Preferred

Prior security consulting experience a major plus

Software development experience in core offsec languages such as golang or python

Experience with cutting edge technology stacks and modern security technologies

Advanced technical knowledge in any of the following: Exploit development beyond Windows and for MacOS X or Linux, Reverse engineering malware, data obfuscators, or ciphers, Software maturity models such as OpenSAMM, BSIMM, and SDL, Identity technologies for Azure AD, Auth0, Firebase, OKTA, or Google Identity, Secrets management such as Hashicorp Vault and cloud native KMSs, Containerization technologies such as Docker and registry platforms such as DockerHub, ACR, ECR, & GCR, Orchestration technologies such as Kubernetes and cluster management platforms such as AKS, EKS, & GKE, Command and control channel frameworks and deployment, Automotive security, ICS/SCADA, Network device security, Medical device security, Home automation security, and/or cryptocurrency wallet security, Hardware RE, software RE, firmware analysis, embedded cryptography, wireless protocols, Software-defined radio, glitching, side-channel analysis, and/or IoT PaaS and similar technologies

Capture-the-flag, CCDC, CPTC or other security related competitions

Ranked achievements on testing platforms such as Hack the Box, Tryhackme, Portswigger and similar

Pursuit of advanced learning opportunities via security training courses, conferences, personal projects and similar

Track record in vulnerability research and CVE assignments

Security community experience via presentations, conference attendance, blogs, white papers and similar

OSCE, OSEP, OSED, CRTO, cloud certifications and similar

Benefits

Equity Incentive Plan, offering ownership stakes in the company

Continuous learning opportunities through our internal Learning & Development (L&D) program, including training, certifications, and conferences to support your career growth

Recognition and rewards for speaking engagements at industry events and conferences

Comprehensive health and dental insurance coverage

Immediate 401(k) matching

Paid maternity and paternity leave