Security Architect and Offensive Specialist

Job Description

We are seeking a seasoned Security Architect & Offensive Specialist to serve as the technical anchor for our Product Security program. This is a high-visibility role for a "security-first" engineer who can navigate a whiteboard session on threat modeling just as comfortably as they can exploit a logic flaw in an API or automate a security gate in a CI/CD pipeline.

Job requirements:

Technical Experience & Expertise:

  • Offensive Security Mastery: Extensive experience in manual Penetration Testing focusing on Web Applications, APIs, and Cloud environments.
  • Security Architecture: Proven ability to conduct deep-dive Security Architecture Reviews and enforce secure design patterns across complex systems.
  • Threat Modeling: Hands-on experience leading threat modeling sessions using industry-standard frameworks such as STRIDE or PASTA.
  • Vulnerability Management: Expertise in validating, triaging, and prioritizing vulnerabilities from external bug bounty programs or third-party vendors.
  • AI/ML Security: Emerging expertise in securing Large Language Models (LLMs), including implementing AI Guardrails and defending against prompt injection and data leakage.

DevSecOps & Automation:

  • CI/CD Integration: Demonstrated experience embedding security "gates" and automated scanners directly into DevOps pipelines.
  • Application Security Tooling: Deep technical proficiency with the following categories:
      • SAST (e.g., Checkmarx, SonarQube)
      • SCA (e.g., Snyk, Black Duck)
      • DAST (e.g., Burp Suite Enterprise, OWASP ZAP)
  • Automation: Ability to automate security workflows and "blocking" mechanisms for critical-severity issues while keeping developer adoption high.

Preferred Qualifications

  • Relevant certifications such as OSCP (OffSec Certified Professional), CISSP-ISSAP, or specialized cloud security certifications (AWS/Azure/GCP).
  • Experience securing Machine Learning (ML) pipelines.

Job Responsibilities

Core Responsibilities:

1. Architecture & Threat Modeling:

  • Lead threat modeling sessions (STRIDE/PASTA) for critical features early in the design phase.
  • Conduct Security Architecture Reviews to identify logic flaws and enforce secure design patterns.


2. Penetration Testing (Offensive Security):

  • Perform deep-dive manual penetration testing (Web, API, Cloud) to validate critical vulnerabilities.
  • Manage external bug bounty programs and pen-test vendors, and validate their findings.


3. DevSecOps & Tooling (SAST, DAST, SCA):

  • Pipeline Integration: Embed and tune security scanners in the CI/CD pipeline to minimize noise and maximize developer adoption.
      • SAST (e.g., Checkmarx, SonarQube) for static code analysis.
      • SCA (e.g., Snyk, Black Duck) for open-source dependency management.
      • DAST (e.g., Burp Suite Enterprise, OWASP ZAP) for runtime testing.
  • Automate "blocking" gates for critical-severity issues.


4. AI Security & Guardrails (Strategic Growth):

  • Research and implement AI guardrails to secure LLM usage (preventing prompt injection and PII leakage).
  • Collaborate with data teams to secure the ML pipeline and define AI usage policies.

Department/Project Description

We’re building a platform of cutting-edge Generative AI services that automate the boring parts of software development—from test generation to infra setup. We’re hiring a highly technical AQA who lives in code, understands cloud-native stacks (Azure, GCP, Kubernetes, Terraform), and enjoys transforming complex real-world scenarios into reliable automated checks. You’ll validate that our platform truly covers real customer workflows, highlight gaps, and drive improvements.

Required domain experience

Security: 6 years

Required languages

English: B2 - Upper Intermediate
Published 29 January