Senior Offensive Security Engineer
About the role
Reports to: Director, Product Security and Incident Response
What We Do:
Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact.
Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24/7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers' protection.
Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other.
What You’ll Do:
As a Senior Offensive Security Engineer, you will work in our Offensive Security team to assess Huntress’ ability to withstand attacks from highly motivated adversaries. This role will be responsible for determining weaknesses in Huntress’ defenses through offensive security engagements. The scope is not limited to our production systems; we expect you to accurately weaponize the successful tactics our adversaries utilize to attack their victims and test all aspects of our organization for resilience.
Huntress has security expertise in spades, and you will be surrounded by some of the best in the business. In this role, you’ll partner closely with our internal security and product teams to explore and address security concerns in an adversarial but collaborative fashion; security is a team sport.
Responsibilities:
- Plan, design, and execute red (and purple) team engagements to simulate advanced adversarial tactics and techniques
- Perform in-depth penetration tests on web applications, endpoint agents, internal systems, and our people
- Utilize a mix of traditional scripting and generative AI platforms to rapidly prototype tools, replicate sophisticated cyber threats, and automate repetitive workflows during live engagements
- Conduct social engineering campaigns to evaluate human vulnerabilities
- Collaborate closely with the Security Operations Center and CSIRT teams to enhance detection and response capabilities
- Stay informed on emerging threats and update red teaming methodologies
- Partner with Product Security to prioritize testing efforts for new releases
- Analyze and exploit vulnerabilities with detailed operational logging, and use strong documentation and communication skills to translate complex technical findings into actionable remediation guidance that directly hardens the organization's security
- Develop and deliver detailed technical and executive-level reports post-engagement
- Integrate red team tools, techniques, and processes into a broader security strategy
- Lead or participate in after-action reviews to identify lessons learned
- Assist in designing and implementing security controls based on red team findings