Offensive Security Specialist (Red Team)

About the Role:

===================

Deel is seeking a highly skilled Offensive Security Specialist with deep experience in web, mobile, network, infrastructure, and cloud penetration testing, as well as designing and executing end-to-end red and purple team engagements. In this role, you will craft and execute offensive security initiatives that continually challenge our defenses. This role isn't your typical penetration testing job - it's an opportunity to engage broadly and deeply, devise innovative attack emulations, work in close partnership with the blue team, engineering, and influence strategic security improvements across the organization.

The primary focus of this position is on continuously testing the security of our products. These systems are high-value targets because they are rapidly evolving and present large, diverse attack surfaces. You will play a crucial role in securing our web and mobile applications by hunting vulnerabilities that emerge from the complex interactions between applications and the infrastructure that powers them. You'll have the chance to not only find vulnerabilities, but also actively drive their remediation, automate offensive techniques using cutting-edge technologies, and leverage your unique attacker perspective to shape our security strategy.

Responsibilities:

• Perform comprehensive penetration testing on our diverse suite of products and services to uncover security flaws before adversaries can exploit them.

• Design and execute adversary emulation engagements aligned with the MITRE ATT&CK framework and real-world tactics, techniques, and procedures (TTPs) to ensure our simulations mirror actual threat actors.

• Continuously hunt for vulnerabilities across our web and mobile applications, as well as within our underlying infrastructure and cloud environments, proactively identifying security vulnerabilities.

• Perform specialized penetration testing on AI-based systems and platforms, evaluating the security of machine learning applications and related technologies for novel vulnerabilities.

• Conduct targeted cyber threat intelligence research to inform offensive operations, ensuring that red team scenarios are based on current and relevant threat actor behaviors and support investigations.Design and execute phishing campaigns and other social engineering exercises to test and improve organizational awareness and resilience against human-focused attacks.

• Develop custom exploits, tools, and automation to enhance red team operations, enabling more efficient and stealthy attack simulations and the ability to bypass advanced security controls.

• Conduct purple team operations that simulate realistic attack scenarios to test our organization’s detection and response capabilities.

• Partner with defensive security and engineering teams to translate findings into measurable security improvements - Enhancing detection, response, and mitigation capabilities; driving timely remediation through robust fixes and delivering clear, actionable communications that articulate risk, impact, and required change.

• Influence the organization’s security strategy by providing attacker-minded insight into risk assessment and threat modeling, helping to reprioritize security initiatives based on real-world attack trends.

• Contribute to the continuous improvement of the offensive security program, refining our red team methodologies, playbooks, and tools, and mentoring others in advanced attack techniques.

Qualifications:

• 5+ years of hands-on experience in Red Teaming, Offensive Security, or Penetration Testing (or exceptional accomplishments that demonstrate equivalent expertise).

• Deep expertise in offensive security operations within modern and cutting-edge technology environments, with a history of simulating sophisticated threats against complex systems.

• Experience designing, developing, or assessing the security of a wide range of systems, including web and mobile applications, network and cloud infrastructure, microservices, and AI-powered platforms.

• Demonstrated mastery in evaluating complex technology stacks, including containerized and Kubernetes environments, CI/CD pipelines, various operating systems, cutting-edge technologies, and AI-powered platforms and systems.

• Strong understanding of trust boundaries and dynamic risk assessment, with the intuition to identify where security assumptions break down in complex, evolving architectures.

• Coding and scripting skills, with the ability to develop robust custom tools and automation to support offensive operations.

• Ability to communicate complex technical concepts to diverse audiences effectively, including through compelling storytelling and narrative techniques to convey the implications of security issues.

• Proven track record of not only discovering critical vulnerabilities but also driving their remediation, contributing fixes or mitigation strategies in complex codebases.

Helpful points:

• Prior experience in fast-paced technology environments, demonstrating adaptability and broad exposure to modern development practices, including cutting-edge technology.

• Ability to learn and adapt quickly to new languages, frameworks, and technologies, staying effective in ever-changing technical landscapes.

• Experience supporting security incident investigations and contributing threat intelligence insights, showing an ability to connect offensive findings to real-world threats and inform defensive strategies.

• Strong communication skills with the ability to translate technical findings into business risks, effectively articulating why a vulnerability matters in terms of impact and urgency.

• Familiarity with AI systems and their security considerations, or a background in AI/machine learning, is a plus given our use of advanced AI technologies.

• Relevant security certifications (e.g., OSCP, OSCE, OSEP, GIAC GPEN/GXPN, etc.) are a plus, indicating a solid foundational knowledge and commitment to the offensive security field.

Total Rewards

Our workforce deserves fair and competitive pay that meets them where they are. With scalable benefits, rewards, and perks, our total rewards programs reflect our commitment to inclusivity and access for all. 

Some things you’ll enjoy

• Stock grant opportunities dependent on your role, employment status and location

• Additional perks and benefits based on your employment status and country

• The flexibility of remote work, including optional WeWork access

At Deel, we’re an equal-opportunity employer that values diversity and positively encourage applications from suitably qualified and eligible candidates regardless of race, religion, sex, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, pregnancy or maternity or other applicable legally protected characteristics.

Unless otherwise agreed, we will communicate with job applicants using Deel-specific emails, which include @deel.com and other acquired company emails like @payspace.com and @paygroup.com. You can view the most up-to-date job listings at Deel by visiting our careers page_.

_Deel is an equal-opportunity employer and is committed to cultivating a diverse and inclusive workplace that reflects different abilities, backgrounds, beliefs, experiences, identities and perspectives.

Deel will provide accommodations on request throughout the recruitment, selection and assessment process for applicants with disabilities. If you require accommodations, please inform our Talent Acquisition Team via this link and a team member will be in touch to ensure your equal participation. If you have difficulty accessing the form, please email at recruiting@deel.com.

As part of our hiring process, we primarily rely on interviews and role-related assessments. In limited cases, we may also consider informal background information relevant to the role, in line with our privacy and fairness obligations.

This application process may utilise Automated Employment Decision Tools (AEDT) and AI systems to assist in evaluating candidates based on experience level, technical skills and qualifications. As a fully remote company, we also utilise AI-powered deepfake and fraud detection technologies to verify the authenticity of candidate identities and interactions during assessments and interviews. This processing is conducted in compliance with applicable Data Protection, AI Governance and Labour Laws. We ensure human oversight is maintained in all final hiring decisions. Your personal data is not used to train AI models. For more information on on how we process your personal data, please see our Privacy Policy.

• For NYC Residents: In accordance with NYC Local Law 144, an independent bias audit has been conducted on AEDT; results are available at Ashby, Covey.