Senior Security Engineer (Pen Tester)

Role Overview

We are seeking a forward-thinking Security Engineer to join our team, focusing on offensive and defensive security, the penetration testing of product features, and the cloud architecture supporting the product. In this role, you will operate across a complex, multi-cloud environment (AWS & GCP) comprising both traditional VMs and modern managed and unmanaged container-based architectures.

In this focused role, you will partner with other security (Penetration Tester and Cloud Security) engineers to execute targeted assessments during specific windows of the product testing phase immediately prior to release. Success requires you to stay synchronized with the product roadmap and develop a deep technical mastery of new features, enabling you to independently configure environments and test thoroughly within tight timelines.

Your responsibilities extend beyond the application layer to the Control Plane, where you will conduct rigorous infrastructure reviews to ensure that cloud configurations, IAM policies, and orchestration layers meet our security baselines. Your operational cadence is built on speed: you must identify, validate, and report vulnerabilities quickly to maintain release velocity. Additionally, you will serve as the frontline for external defenses, monitoring bug bounty pipelines and external reports to triage and respond to findings with professional precision.

Key Responsibilities

• Collaborative Penetration Testing (AWS & GCP): Work in tandem with a peer pentester to conduct deep-dive penetration tests of our products across our multi-cloud environment.
• Control Plane: Review IAM policies, service configurations, and cloud-native permission structures.
• Data Plane & Web UI: Execute dynamic testing against web interfaces and API endpoints.
• Infrastructure Review: Assess the security posture of a hybrid infrastructure that mixes containers and Virtual Machines (VMs).
• Vulnerability Reporting & Advisory: Triaging findings and creating clear, reproducible proofs-of-concept (PoCs). Collaborating with Product Teams to explain the risk. Your role is to ensure the product team understands what to fix.
• AI-Augmented Security Assessments: Actively utilize AI and LLMs to automate reconnaissance, generate attack vectors, analyze configurations, and draft vulnerability reports. Fluency in prompt engineering for security contexts is essential.
• Pipeline Management: Monitor bug bounty pipelines and external reports, validating findings and managing researcher communication.

Required Skills & Qualifications

• Multi-Cloud Fluency: Deep architectural understanding of GCP and AWS. Capable of pivoting between providers, performing manual configuration reviews of complex IAM/Resource hierarchies, and leveraging native APIs or modern CSPM frameworks.
• Container Security: Proven experience auditing and hardening managed container services (GKE Autopilot/Standard, EKS, ECS) and self-hosted/unmanaged workloads (K8s, k3s, OCI-runc).
• AI Tooling: Demonstrated ability to integrate AI/LLM tools (e.g., Gemini, Claude) into the pentesting lifecycle.
• Web Application Security: Expert-level knowledge of web application security.