Senior Application Security Engineer (Offensive / Red Team) in United States at Jobgether

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application Security Engineer (Offensive / Red Team) in United States.

This is a unique opportunity for an experienced offensive security professional to play a pivotal role in strengthening a mature and evolving cybersecurity program. Combining red teaming, application security, threat modeling, and purple team collaboration, this position focuses on proactively identifying vulnerabilities and transforming findings into meaningful security improvements. You will work closely with engineering, security, DevOps, and business stakeholders to enhance resilience across applications and infrastructure while helping development teams adopt secure coding practices. The role offers significant ownership, technical depth, and visibility, making it ideal for someone who enjoys both hands-on security testing and strategic security leadership. Operating within a collaborative and innovation-driven environment, you will help shape security capabilities that directly influence organizational risk management and long-term security maturity.

• Lead offensive security assessments against critical applications and supporting infrastructure through penetration testing, adversary emulation, vulnerability exploitation, and red team engagements.
• Collaborate closely with defensive security teams to conduct purple team exercises that strengthen detection capabilities, incident response effectiveness, and overall security posture.
• Leverage AI and large language model technologies to enhance offensive security workflows, including reconnaissance, code review, payload generation, testing automation, and vulnerability research.
• Monitor emerging threat actor techniques and evolving AI-driven attack methodologies to improve testing strategies and defensive recommendations.
• Manage bug bounty activities, including vulnerability triage, risk assessment, remediation guidance, validation, and program optimization.
• Identify, assess, prioritize, and support remediation of application security vulnerabilities through hands-on testing and risk-based analysis.
• Conduct threat modeling exercises and security risk assessments to help prioritize security investments and reduce exposure.
• Partner with incident response teams to investigate application-related security events, reproduce attack scenarios, and support containment and remediation efforts.
• Contribute to secure software development lifecycle initiatives by integrating security practices into development workflows, CI/CD pipelines, and engineering processes.
• Perform security-focused code reviews and provide guidance on secure architecture, secure coding practices, and vulnerability remediation.
• Mentor security engineers and developers while serving as a trusted technical advisor across multiple teams and business functions.
• Drive continuous improvement by researching emerging threats, offensive techniques, security tools, and industry best practices.

Requirements:

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical discipline, or equivalent practical experience.
• Proven experience performing offensive security assessments, web application penetration testing, red team operations, or similar hands-on security engagements.
• Strong understanding of modern attack techniques, adversary tactics, and offensive security methodologies.
• Experience using AI and LLM technologies to support security testing, vulnerability research, or offensive security operations.
• Proficiency in at least one modern programming language, preferably Java, with the ability to review and assess code across multiple languages and frameworks.
• Advanced expertise with security testing tools, including Burp Suite Pro and related offensive security toolsets.
• Strong knowledge of application security principles, secure coding practices, software vulnerabilities, and remediation strategies.
• Experience conducting threat modeling, risk assessments, and security architecture reviews.
• Familiarity with bug bounty programs, vulnerability management processes, and responsible disclosure workflows.
• Understanding of security tooling such as SAST, DAST, IAST, SCA, and related application security technologies.
• Experience collaborating with engineering, DevOps, security operations, and incident response teams.
• Strong scripting and automation skills using languages such as Python, Bash, or similar technologies.
• Excellent communication, documentation, and stakeholder management abilities.
• Relevant security certifications such as OSCP, OSEP, CRTO, OSWA, OSWE, GWAPT, or similar credentials are highly desirable.
• Experience participating in CTFs, bug bounty programs, security research, or community security initiatives is considered a strong advantage.

Benefits:

• Competitive salary package with location-based compensation ranging from approximately $120,250 to $181,250 annually, depending on location and experience.
• Eligibility for performance-based bonus incentives.
• Comprehensive medical, dental, and vision healthcare coverage.
• 401(k) retirement savings program.
• Flexible remote work arrangement within eligible U.S. states.
• Opportunity to work on cutting-edge offensive security initiatives and emerging AI-driven security challenges.
• Exposure to highly collaborative cross-functional teams across engineering, security, and business operations.
• Professional development opportunities, including advanced security research and technical growth.
• Access to additional employee perks, wellness programs, and company-sponsored benefits.
• Inclusive workplace culture that values innovation, collaboration, and continuous learning.