Offensive Security Lead

you will architect our security testing strategy from the ground up, conduct sophisticated manual penetration tests, and serve as the expert consultant to all engineering teams on how to build secure code. You will be responsible for breaking our systems before the bad guys do, safeguarding our assets, our clients' assets, and our reputation.

## 2. Key Responsibilities

• Lead Offensive Security and Penetration Testing :
• Architect and own the end-to-end security testing strategy, including manual penetration testing, dynamic application security testing (DAST), and static application security testing (SAST).
• Conduct hands-on, expert-level penetration tests against our web applications, APIs, mobile apps, and cloud infrastructure, focusing on the OWASP Top 10 and financial-specific attack vectors.
• Cloud and Infrastructure Security Assessment :
• Lead security reviews and configuration audits of our cloud environment (AWS / GCP / Azure) and our Kubernetes (K8s) infrastructure.
• Analyze our Infrastructure as Code (Terraform) for security misconfigurations and vulnerabilities.
• Smart Contract Security Review :
• Collaborate with the blockchain engineering team to conduct internal security reviews of smart contracts, identifying potential vulnerabilities before they go to external audit.
• Review systems for financial logic flaws, such as reward-spoofing or withdrawal validation issues.
• Vulnerability Management and Remediation Guidance :
• Triage, validate, and prioritize vulnerabilities discovered through testing.
• Work directly with development teams to provide clear, actionable guidance on remediation and re-test fixes to ensure they are effective.
• Automate and Integrate Security Testing :
• Lead the effort to integrate automated security testing tools and checks into our CI / CD pipelines, enabling a DevSecOps culture.

## 3. Required Qualifications

###

• Must-Have :
• Professional Experience :
• 4+ years of experience in a dedicated cybersecurity role, with a minimum of 4+ years focused on hands-on offensive security and penetration testing.
• Penetration Testing Mastery :
• Expert-level proficiency with industry-standard penetration testing tools (e.G., Burp Suite Pro, Metasploit, Nmap) and methodologies.
• Application Security Expertise :
• Deep knowledge of web and mobile application security, API security, and the OWASP Top 10 vulnerabilities.
• Cloud & Container Security :
• Proven experience performing security assessments of cloud environments and containerized / Kubernetes workloads.
• Offensive Security Certification :
• At least one high-level offensive security certification is required, such as
• OSCP, OSCE, GXPN, or GPEN
• Systems Thinking :
• A strong ability to understand complex, distributed systems and reason about where security weaknesses are likely to exist.

###

• Nice-to-Have (Highly Desirable) :
• Financial Services / FinTech Experience :
• Direct experience testing banking, trading, or payment platforms, with an understanding of financial fraud and attack vectors.
• Smart Contract Auditing :