Skip to content
TwilioTwilioUnited States

Staff Engineer

Technical lead performing advanced offensive security work including full-stack pentesting, red team operations, custom exploit development, AI/LLM red teaming, and bug bounty management. Requires 7-10 years experience, deep expertise in MITRE ATT&CK and OWASP, and proficiency with industry tools and scripting.

156k – 229k
Remote7+ YOESecurity Engineering

About the role

Responsibilities

  • Perform full-stack penetration testing: manual and automated testing of web applications, APIs, and mobile apps (iOS/Android).
  • Conduct internal/external network audits and cloud level assessments.
  • Triage and validate vulnerability reports from automated scanners or bug bounty hunters; eliminate false positives and escalate true positives.
  • Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using OWASP Top 10 for LLMs checklists.
  • Draft high-quality technical reports detailing the "path to compromise" with reproducible steps.
  • Manage and update team's testing infrastructure (e.g., Burp Suite, basic C2 listeners).
  • Provide direct technical guidance to engineering teams on patching vulnerabilities such as XSS, SQLi, and IDOR.
  • Design and lead multi-week Red Team operations mimicking specific threat actors (APTs) to test SIRT detection capabilities.
  • Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth.
  • Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for sensitive data leakage.
  • Execute sophisticated attacks against AWS/Azure/K8s, focusing on IAM misconfigurations and container escapes.
  • Collaborate with SIRT and Detection Engineering in Purple Teaming to tune SIEM alerts.
  • Oversee the organization's bug bounty program, identifying trends to suggest architectural security changes.

Requirements

  • 7-10 years in offensive security, penetration testing, high-volume bug bounty, AppSec, or vulnerability exploitation.
  • Track record of finding high/critical vulnerabilities in complex environments using pentesting commercial or custom tools.
  • Expert knowledge of MITRE ATT&CK matrix, OWASP Top 10 for web applications and LLMs, post-exploitation (lateral movement, persistence, data exfiltration), and Adversarial ML.
  • Proficient in tools like Burp Suite Professional, Nmap, Metasploit, Wireshark, AI security tools (LangChain, TensorFlow for adversarial testing), and C2 frameworks (Cobalt Strike, Sliver, Havoc).
  • Ability to write functional scripts in Python or Bash to automate testing; proficiency in Python, C++ for creating custom offensive exploits that avoid signature-based detection.
  • Advanced industry certifications such as OSCP, OSEP, OSWE, GXPN or similar (highly desirable).
  • Excellent written and verbal communication skills.
  • Ability to influence and build effective working relationships with all levels of the organization.

Nice-to-Haves

  • Telecom expertise.
  • Proficiency in multiple languages applicable to the region.
  • Familiarity with localization tactics.

Skills

Offensive SecurityPenetration TestingBurp SuiteMetasploitNmapWiresharkCobalt StrikePythonC++Mitre Att&CkOwasp Top 10Red TeamPurple TeamAWSKubernetes
Shield AI

Senior Staff Cybersecurity Engineer, Platform Security

Shield AISan Diego, CA

Senior technical owner building secure-by-default infrastructure, IaC modules, policy-as-code guardrails, and CI/CD security tooling for cloud and platform engineering teams.

160k – 240k
On-site7+ YOESecurity Engineering
LiveKit

Staff Security Engineer

LiveKitUnited States

Staff Security Engineer owns security across applications, infrastructure, and workflows at LiveKit. Requires 6+ years software engineering experience, hands-on security expertise in cloud/container environments, threat modeling, and incident response.

150k – 250k
Remote6+ YOESecurity Engineering
ezCater

Staff GRC Engineer

ezCaterUnited States

Senior individual contributor leading GRC program maturity, control automation, data security governance, and AI governance for a SaaS food tech platform. Requires 8+ years in security compliance with strong automation and cross-functional influence skills.

165k – 210k
Remote8+ YOESecurity Engineering
Huntress

Staff Cloud Security Engineer

HuntressUnited States

Designs and implements secure cloud architectures for AWS and Azure, integrates security into DevSecOps pipelines, manages vulnerabilities, and leads threat detection/response for a B2B SaaS cybersecurity platform. Requires deep cloud expertise and SaaS production security experience.

165k – 193k
RemoteSecurity Engineering
NinjaTrader

Staff Cloud Security Engineer

NinjaTraderChicago, IL

Senior individual contributor owning cloud security architecture and guardrails for GCP workloads at a fintech trading platform. Leads threat modeling, edge defenses with Cloudflare/Armor, policy-as-code, incident response, and compliance controls while mentoring engineers.

145k – 195k
Hybrid8+ YOESecurity Engineering