Sr. Offensive Security Engineer

Senior Offensive Security Engineer responsible for full-scope adversary emulations across SPAN's cloud, web/mobile apps, APIs, and corporate IT infrastructure; lead Technical Incident Response lifecycle during security events; translate offensive findings into proactive detection rules and hardening requirements; own the vulnerability disclosure pipeline (VDP) and liaison with external researchers; build automated security-testing tools and runbooks; leverage MITRE ATT&CK to test live detection capabilities and IR readiness; develop post-incident forensics, IoC timelines, and post-incident reviews. Must have hands-on experience in cloud security (Docker/Kubernetes, IAM), web/API security (OWASP Top 10), scripting in Python/Go/Bash, and a track record of identifying critical vulnerabilities through bug bounties or VDPs. Location: San Francisco, CA; full-time role with competitive compensation and equity.