Role Description We are actively hiring an Offensive Security Engineer to work on real-world security testing and automation across modern systems. This role is ideal for candidates with a strong foundation in penetration testing who want to expand into automation, tooling, and advanced offensive security practices. You will work on practical security challenges — not just scanning tools — and contribute to improving security at scale. Responsibilities - Perform security testing across web applications, APIs, and infrastructure - Develop scripts and tools (Python, Bash, etc.) to automate testing workflows - Identify, validate, and analyze vulnerabilities - Support internal offensive security initiatives and tooling - Collaborate with engineering teams to improve system security - Contribute to improving detection and response capabilities Qualifications - 2–5 years of experience in penetration testing or security engineering - Basic to intermediate scripting skills (Python, Bash, or similar) - Strong understanding of web security (OWASP Top 10 and beyond) - Familiarity with Linux systems and networking concepts - Strong analytical and problem-solving mindset Requirements - Nice to Have - Experience building security tools or automation - Exposure to cloud security or DevSecOps environments - Experience with real-world testing or bug bounty programs Work Setup - Full-time - Remote (Worldwide) Company Description Join our team at Sentrabyte Digital Solusi and embark on a journey of growth and innovation.

Role Description As an Offensive Security Engineer on the Proactive Threat team, you will simulate the tactics, techniques, and procedures (TTPs) of real-world adversaries to uncover security risks across Stripe's products and infrastructure. You'll conduct hands-on penetration testing, lead red team engagements, and collaborate with blue team counterparts to validate and improve detection and response capabilities. Your work will directly influence how Stripe builds, ships, and secures financial infrastructure used by millions of businesses worldwide. Beyond assessments, you'll design and build offensive tooling and automation that amplifies the team's impact. You'll leverage threat intelligence to prioritize testing efforts, contribute to incident investigations when needed, and act as a subject-matter expert for security initiatives across the company. Responsibilities - Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure. - Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios. - Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams. - Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity. - Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks. - Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required. - Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage. - Build internal platforms and workflows that enable scalable, repeatable offensive operations. - Contribute to internal security tooling repositories and champion engineering best practices within the team. - Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices. - Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders. - Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives. - Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing. - Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community. Qualifications - 5+ years of experience in offensive security, penetration testing, red teaming, or a related field. - Strong programming skills in Python, Go, or similar languages, with demonstrated experience building tools, automation, or custom exploits. - Deep knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability classes (injection, auth flaws, business logic, etc.). - Hands-on experience with cloud platforms (AWS, Azure, or GCP), including cloud-native attack techniques and misconfigurations. - Proficiency with offensive tooling such as Burp Suite, Cobalt Strike, Mythic, Sliver, BloodHound, or similar frameworks. - Familiarity with adversary tradecraft and frameworks such as MITRE ATT&CK, including TTPs for initial access, privilege escalation, lateral movement, and exfiltration. - Excellent written and verbal communication skills, with the ability to translate complex technical findings into clear, risk-based recommendations. - Ability to think like an adversary — creative, persistent, and able to holistically assess risk in complex environments. Preferred Qualifications - Experience conducting offensive security in fintech, financial services, or other highly regulated environments. - Background in vulnerability research, exploit development, or CVE discovery. - Experience collaborating with threat intelligence, detection engineering, or incident response teams (purple team operations). - Familiarity with big data and log analysis tools (Splunk, Databricks, PySpark, osquery, etc.) for threat hunting or investigative support. - Proficiency with AI/LLM-assisted development tools (e.g., Claude Code, Cursor, GitHub Copilot) and experience applying them to offensive security workflows. - Interest or experience in agentic automation — using LLMs or autonomous agents to augment reconnaissance, vulnerability discovery, or exploitation workflows. - Experience testing AI/ML systems or LLM-based applications for security weaknesses (prompt injection, training data extraction, model manipulation, etc.). - Contributions to open-source security tools, published research, blog posts, or conference presentations. - Relevant certifications such as OSCP, OSWE, OSEP, OSED, CRTO, CPTS, PNPT, GXPN, or cloud security certifications.

Role Description You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments. You'll leverage your understanding of attacker TTPs — from initial access through exfiltration — to develop detection logic that catches real threats while minimizing noise. Beyond writing detections, you'll conduct threat hunts, perform malware analysis, and build automation that enables detection engineering at scale. Responsibilities - Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle. - Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry. - Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls. - Perform malware analysis and reverse engineering to extract indicators and inform detection strategies. - Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS. - Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic. - Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises. - Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment. - Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces. - Lead projects, mentor teammates, and champion quality standards within the team. Qualifications - 5+ years of experience in detection engineering, threat hunting, or security operations. - Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel). - Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration. - Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities. - Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS). - Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources. - Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar). - Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences. - Adversarial mindset — understanding how attackers operate to build detections that catch real-world threats. Preferred Qualifications - Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments. - Background in malware analysis, reverse engineering, or threat research. - Experience with purple team operations — collaborating with offensive security to validate detections. - Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis. - Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows. - Interest in agentic automation — using LLMs to augment hunting, tuning, or triage. - Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations). - Contributions to open-source detection content, research, or conference presentations. - Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM.

At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It’s why we’re coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we’re headed. We’re proud to share our story and Make Amazing Happen at CDW. Job Summary CDW Security is the business unit within CDW, Inc. built to help customers feel confident as they address security challenges and strive for impactful business outcomes. We maintain industry-leading expertise in the areas of strategy, risk, compliance, identity and access management, data privacy, secure infrastructure, and workforce development, to name a few. The products and services related to this expertise provide CDW clients everything needed to develop and mature effective security programs. As part of the Security Solutions Executive team, you will be responsible for selling security services and products. The Security Solutions Executive is expected to enhance CDW Security’s presence, market share, and revenue growth in the cybersecurity market. Specifically, you will support the sales team with full sales lifecycle management through strategic account planning, research, opportunity management, relationship-building, partnering with services teams and OEM vendors, pursuit, and closure. Your skilled experience will enable you to quickly embrace CDW Security’s integrated sales approach, demonstrating the ability to open and manage opportunities, related to: - Identity and Access Management, Security Program Development, Privacy, Risk and Compliance, Third-Party Risk Management, Threat and Vulnerability Management, Cyber Workforce Development, Cloud Security, Secure Infrastructure, Physical Security, Emerging Security Technologies What you will do - Develop and execute successful strategies that expand CDW Security’s customer base and achieve bookings, revenue, and gross profit targets. - Establish a detailed, comprehensive understanding of all capabilities, service offerings, value proposition, market positioning, selling strategy and process, as well as key differentiators. - Cultivate productive relationships with key personnel in current and targeted accounts. - Identify, engage, qualify, develop, and earn new clients. - Manage, support, and grow relationships as part of the extended sales team with prospects and clients as a consultative seller. - Network with a broad range of client organizations and leadership in key fields, including: Information Technology, Information Security, Finance, Internal Audit, Data Privacy, Compliance, and Legal, Enterprise Risk Management, Procurement / Supply Chain Management - Proactively coordinate with other CDW Security resources to drive sales cycles, meet company objectives, and exceed client expectations. These key internal resources include Subject Matter Experts, Practice Leadership, Sales Management and Marketing. - Build strong relationships with the partner community to identify opportunities for CDW and those partners. - Understand industry landscapes and follow trends that impact our clients’ business risk, strategic decision-making, and budget planning and expenditure. - Provide accurate sales pipeline updates and forecasts. - Proactively populate and maintain all information in Salesforce. - Provide onboarding support and mentorship to entry level Security Solutions Executives. - Enhance CDW Security’s and your personal brand through participation at industry events, speaking engagements, blogging and other forms of acceptable public communication. - Proactively work with marketing to develop regional events that attract senior leadership from key accounts and prospects. What we expect of you - Bachelor’s degree in business, computer science, or related technical degree or equivalent. - 10+ years of experience identifying opportunities and full lifecycle management for security services and products and/or equivalent experience as a security practitioner. - Mastery of at least seven of the security focus areas in the security portfolio - Experience with enterprise sales, with both strategic planning and day-to-day execution. - Proven performance record with demonstrated year-over-year metrics. - Successful record of meeting or exceeding sales goals. - Ability to take personal ownership of professional goals and achieve financial targets. - Strong ambition and sense of urgency. - Energetic networker and relationship-builder. - Ability to work with and effectively coordinate across extended internal teams and partners. - Excellent, professional written and verbal communication and interpersonal skills. - Ability to travel as needed for customer meetings and to develop/maintain partner relationships. Pay range: $100,000 - $140,000, depending on experience and skill set Annual bonus target of $30,000 subject to terms and conditions of plan Additionally, uncapped commission subject to terms and conditions of plan Benefits overview: https://cdw.benefit-info.com/ Salary ranges may be subject to geographic differentials CDW is committed to being an AI-fluent organization We’re looking for people who bring curiosity, a learner’s mindset, and a willingness to engage with ever-evolving technology and tools. We value adopting AI as a partner, openness to experimentation, and a shared interest in learning together on AI. Our goal is to create a culture where AI enhances—not replaces—human creativity and decision-making. You don’t need to be an expert today; what matters is your readiness to explore, adapt, and grow with us as we integrate AI responsibly and effectively into our work. Additionally, CDW is committed to fostering an equitable, transparent, and respectful hiring process for all applicants. During our application process, our goal is to understand your experience, strengths, skills, and qualifications. As an AI forward company, we see AI not just as a tool, but as a catalyst for new ways of thinking, creating, and communicating. We encourage candidates to embrace an AI mindset, one that’s curious, adaptive, and ready to explore what’s possible. We welcome thoughtful use of AI to expand your perspective and elevate how you share your story, while ensuring your application remains rooted in your own background, judgment, and voice. About Us CDW is a Fortune 500 technology solutions provider that helps businesses, government, education, and healthcare organizations achieve what’s possible through technology. What makes CDW different isn’t just what we do—it’s how we do it. At CDW we act as one—building trust, speaking candidly, and working together to achieve more. We play to win—focusing on what matters most and delivering for our customers. And we think forward—staying curious, moving fast, and continuously learning. We believe meaningful work happens when people feel supported, heard, and empowered to contribute. That’s why we think of ourselves as coworkers, not just employees—working together to solve complex challenges and deliver real impact for our customers and communities. As a full‑stack, full‑lifecycle technology partner, CDW brings deep expertise, strong relationships, and broad industry knowledge to help turn ideas into outcomes. When you join CDW, you become part of a collaborative environment where your work matters, your growth is supported, and your contributions help shape what’s next. Together, we deliver the full promise of what technology can do. Together, we Make Amazing Happen. CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.