arcus search company
Offensive Security Engineer (freelance)
Sector: Financial Services
Location: Fully remote (within Poland)
Type: B2B Freelance contract
Duration: 6 months (extensions available for 2+ years)
Rate: Market rate (competitive)
What You Will Do
As a Senior Offensive Security Engineer, you will be at the forefront of safeguarding our digital infrastructure and customer data. This position demands a blend of hacking skills, creativity, and a deep understanding of cyber threats. You will simulate sophisticated cyber attacks to identify vulnerabilities, ensuring our resilience against real-world threats. Collaborating with cross-functional teams, you will provide actionable insights to fortify our security posture.
• Conduct white-box and black-box penetration testing against internal and public-facing applications and assets
• Manage, triage, and investigate Bug Bounty submissions and external pentest findings
• Perform variant analysis on issues discovered through all channels
• Research and perform security analyses on our 3rd-party solutions
• Develop tooling to support reconnaissance, automation, and metrics collection
• Provide expert guidance to developers, other product security teams, and the SOC in investigating issues
• Spread awareness of offensive security practices via demos, workshops, and training
• Assess the security of our tech stack through whatever means are best suited
• Define what we focus on to provide the most value
• Help further mature the security program
Who You Are
• Strong experience with penetration testing and other technical security assessments
• Experience identifying security issues in code, particularly within Java and Node.js
• Experience with cloud environments, particularly AWS and modern micro-service design principles
• Comfortable communicating findings clearly and effectively, with concrete remediation recommendations beyond simple issue reporting
• Comfortable scripting and contributing to larger projects in Python
• Able to take the initiative and be comfortable taking on projects that contribute to the larger security culture and posture
• Industry-recognized certifications, e.g., OSCP, OSWE, CREST, GIAC, AWS, et al.
• CTF participation and active contributions to the cybersecurity community