Offensive Security Engineer
On-site · Chicago, Illinois, United States or New York City, New York, United States
Job Summary
Plan, scope, and execute penetration testing engagements across web, API, cloud, infrastructure, thick-client, and mobile environments. The role targets banking applications and platforms. Responsibilities: collect prerequisites and approvals; perform manual and automated testing to identify vulnerabilities; document findings with risk assessments and remediation recommendations; conduct peer reviews; collaborate with development, infrastructure, and security teams; stay current on threats and improve testing methodologies. Requires 5+ years of hands-on penetration testing; OSCP/OSWE or similar certifications preferred.
Required Qualifications
- 5+ years of hands-on penetration testing experience in offensive security
- expertise in manual penetration testing of web, API, cloud, infrastructure, thick-client, and/or mobile applications
- experience with industry-standard tools (Burp Suite, Nmap, Metasploit, etc.)
- strong understanding of OWASP Top Ten, NIST CSF, and related standards
- ability to articulate systemic security issues and remediation recommendations
- excellent written and verbal communication for reports and stakeholder presentations
- experience conducting peer reviews and mentoring junior testers
- continuous learner of offensive security trends and techniques
- knowledge of US financial services regulations and risk management (preferred)
- security-focused code review experience (Python, Java, Rust)
- reverse engineering of thick-client and mobile apps
- relevant certifications such as OSWE, CREST, OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, BSCP