Senior Offensive Security Engineer
- Bangalore · Hybrid
- Full-time
Lead web, API, and cloud engagements end to end. Deep WSTG / ASVS / ATT&CK chops expected.
We hire practitioners who teach, write, and ship. Open roles below — or reach out even if nothing fits.
Choose your practice
Six opportunities across continuous testing, red team, product, AI, cloud, and security research.
Lead web, API, and cloud engagements end to end. Deep WSTG / ASVS / ATT&CK chops expected.
Full kill-chain emulation — phishing through objective execution. EDR bypass and detection-engineering dialog.
Threat modeling, secure design review, SAST/DAST tuning, security-champion enablement with our customers' eng teams.
Prompt injection, agent tool-use exploitation, RAG data exfil, multi-agent compromise. Write, teach, publish.
AWS / Azure / GCP IAM graphing, Kubernetes RBAC / admission, policy-as-code for customer IaC.
Zero-day research, internal tooling, conference talks, CVE publication — 40% of time is dedicated research.
Operator support
How we support the people delivering engagements, publishing research, and improving the practice.
M-series MacBook Pro, 4K external, ergonomic chair. Hardware is never the blocker.
$4,000/yr per engineer for courses, conferences, certs. SANS and Offensive Security as defaults.
Top-tier health insurance for you and immediate family in both India and US.
Offices are optional. We hire where the talent is — and we come together three times a year.
Fridays are for research. Published write-ups, OSS, CVE disclosures get bonus spiffs.
Banded, published, tied to level — no salary-negotiation theater.
Hiring path
Typically two to three weeks end-to-end. We tell you where you stand at each step.
Step 1 / 5
30 min with the hiring manager. Role scope, your trajectory, mutual fit.
Step 2 / 5
90 min. Walk through a recent engagement, PoC code-read, methodology questions.
Step 3 / 5
A bounded scenario (CTF-adjacent). Your approach matters more than the flag.
Step 4 / 5
Two team members. Teaching, writing, and collaboration signals.
Step 5 / 5
We decide within 3 business days. No ghosting. No BS.
General applications
Send us a short note with your best published work. We want to see how you investigate, explain, and build.
careers@pentstark.com