Offensive Security Engineer

Engineering • Remote (US) • Full-time

About the Role

We're seeking an exceptional Offensive Security Engineer to join our fast-growing startup and help shape the future of security testing. This role uniquely combines traditional penetration testing excellence with cutting-edge AI/LLM security expertise. You'll conduct sophisticated manual penetration tests while also working alongside our automated agentic red teaming systems, bridging the gap between human expertise and AI-driven security assessment.

What You'll Do

Core Responsibilities

  • Execute comprehensive, white-glove manual penetration tests across web applications, APIs, cloud infrastructure, and network environments
  • Review, validate, and enhance findings generated by our agentic red teaming platform
  • Develop custom exploits, tools, and methodologies to identify complex security vulnerabilities
  • Contribute to the development of security-focused software and tooling within our engineering team
  • Collaborate with our engineering team to improve and refine our automated security testing capabilities
  • Produce detailed, actionable security assessment reports with clear remediation guidance
  • Partner with customer engineering teams to ensure security findings are properly understood and addressed
  • Research emerging attack vectors, particularly those involving AI/LLM systems and applications

Technical Leadership

  • Drive innovation in offensive security methodologies, especially at the intersection of traditional pentesting and AI-assisted security assessment
  • Mentor team members on advanced penetration testing techniques
  • Contribute to the company's security strategy and roadmap
  • Participate in the continuous improvement of our security testing frameworks and processes

What We're Looking For

Required Qualifications

  • 3+ years of professional penetration testing or offensive security experience with a proven track record of identifying critical vulnerabilities
  • Hands-on experience with AI/LLM security, including prompt injection, model manipulation, data poisoning, or other AI-specific attack vectors
  • Strong software engineering skills with proficiency in at least two programming languages, including TypeScript
  • Deep understanding of OWASP Top 10, MITRE ATT&CK framework, and modern attack methodologies
  • Experience with common penetration testing tools (Burp Suite, Metasploit, Cobalt Strike, custom tooling)
  • Experience in at least two of the following domains:
    • Web application security
    • Cloud security (AWS, Azure, GCP)
    • Network penetration testing
    • API security testing

Preferred Qualifications

  • Experience building or contributing to security tools and frameworks
  • Knowledge of machine learning security, adversarial ML, or AI red teaming
  • Relevant certifications (OSCP, OSWE, OSEP, GPEN, or equivalent)
  • Experience with container security and Kubernetes environments
  • Background in vulnerability research or exploit development
  • Contributions to open-source security projects
  • Experience working in fast-paced startup environments

Skills & Attributes

  • Hacker mindset: Creative, persistent, and always thinking outside the box
  • Technical depth: Ability to dive deep into complex systems and understand their security implications
  • Communication excellence: Can translate technical findings into business risk for various stakeholders
  • Self-directed: Thrives in a startup environment with minimal supervision
  • Continuous learner: Passionate about staying current with evolving threats and technologies
  • Collaborative spirit: Works effectively with cross-functional teams including engineers, product managers, and leadership

What We Offer

  • Remote-first culture: Work from anywhere within the United States
  • Competitive compensation
    • Base salary: $200,000
    • Equity package with high growth potential
  • Cutting-edge work: Be at the forefront of AI-assisted security testing
  • Growth opportunities: Shape the security posture of a rapidly scaling startup
  • Learning budget: Annual allocation for training, certifications, and conferences
  • Modern tech stack: Access to the latest tools and technologies
  • Impact: Your work directly influences product security and customer trust
  • Collaborative environment: Work alongside talented engineers and security professionals

About Our Security Philosophy

Our mission is to make all software effortlessly secure. We believe the future of security testing lies at the intersection of human expertise and AI capabilities. Our offensive security engineers don't just find vulnerabilities; they help build the next generation of security assessment tools. You'll work in an environment that values both deep technical skills and creative problem-solving, where your insights directly shape how we approach security challenges.

Interview Process

  1. Initial conversation with one of our founders (30 minutes)
  2. Technical assessment including a practical security challenge (1-2 hours, completed on your schedule)
  3. 1-week work trial (paid)

How to Apply

Please submit your resume to careers@casco.com along with:

  • A brief cover letter explaining your interest in combining offensive security with AI/LLM technologies
  • Examples of your most impactful security findings or research (sanitized as needed)
  • Any relevant open-source contributions or security tools you’ve developed
  • Your thoughts on the future of AI in security testing (optional but appreciated)

We are an equal opportunity employer committed to building a diverse and inclusive team. We encourage applications from candidates of all backgrounds and experiences.

Must be authorized to work in the United States. This position does not sponsor visa applications.

Ready to Apply?

Join us in building the future of AI security. We'd love to hear from you!

Casco