Authentic8 logo
Authentic8

The Silo Web Isolation Platform from Authentic8 enables anyone, anywhere, on any device to utilize the web without risk.

Red Team Engineer – Offensive Security Lead

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 51-200H1B SponsorCompany SiteLinkedIn

Location

United States

Posted

21 hours ago

Salary

$150K - $175K / year

Seniority

Senior

Job Description

Red Team Engineer – Offensive Security Lead

Authentic8

• Design, build, and operate an AI-augmented red teaming harness using frontier LLM APIs. • Implement a control loop architecture (Plan | Act | Observe | Adjust) for autonomous and semi-autonomous vulnerability discovery. • Integrate the harness with purpose-built SBOM tooling (Endor Labs), CVE monitoring feeds (NVD, OSV.dev, EPSS/KEV, GitHub Advisory Database, and vendor-specific bulletins), and our CI/CD pipeline (Snyk, SonarQube). • Conduct adversarial testing across four attack perspectives: (Internal source code, External unauthenticated adversary, Internal authenticated user, and Internal unprivileged adversary) • Chain findings identify exploitable paths and corresponding vulnerabilities. • Validate and prioritize findings using CVSS, EPSS, and KEV context before handing off to the patch management pipeline. • Support the development and day-to-day operation of Authentic8's internal Bug Bounty Program. • Collaborate with engineering on custom mitigation decisions when vendor patches are unavailable. • Assume ownership of security stage-gates within our CI/CD pipeline, integrating Snyk, SonarQube, and harness findings into the build process. • Work alongside the SOC Lead on CVE monitoring, alerting, and vulnerability prioritization workflows. • Partner with DevSecOps Engineers on harness architecture and pipeline integration. • Provide technical input to the Integrated Operations Center on detection use case design for our SIEM. • Regularly brief the VP of Information Security on findings, program health, and checkpoint criteria.

Job Requirements

  • 5+ years in cybersecurity, penetration testing, or red team operations
  • Demonstrated experience building tools: scripting exploits, automating workflows, or constructing test harnesses (Python and/or Go strongly preferred)
  • Hands-on experience with LLM APIs in a security or agent context, including an understanding of tool use, control loops, and context management in agent architectures
  • Proficiency with static and dynamic analysis (SAST/DAST) and the ability to interpret and chain findings from automated tooling
  • Working knowledge of CVE and vulnerability data sources, including NVD, EPSS, KEV, OSV.dev, and the GitHub Advisory Database
  • Experience testing cloud-hosted SaaS platforms (GCP familiarity preferred)
  • Familiarity with container security (containered, Docker) and Linux-based infrastructure
  • Ability to work independently, manage your own scope, and deliver against defined milestones
  • Excellent documentation and communication skills
  • Must be US citizen

Benefits

  • medical
  • dental
  • vision
  • flexible PTO
  • a 401k program
  • stock options

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam 11-50H1B No Sponsor

Role Description We are seeking a highly skilled and experienced Information Systems Security Officer (ISSO) - Senior to join our team. In this critical role, you will be responsible for executing the full RMF lifecycle across all information systems and applications, leading security assessment activities with the goal of maintaining a 100% Authority to Operate (ATO) status. As a senior leader, you will ensure the rigorous application of cybersecurity policies, manage system remediation efforts, design critical contingency plans, and champion cybersecurity awareness across the organization. Qualifications - Bachelor’s Degree (BA/BS) OR equivalent verifiable work experience - Six (6) years of progressive experience in information assurance, cybersecurity engineering, or ISSO/ISSM roles. Requirements - Must be a U.S. citizen (no dual citizenship). - Ability to pass a background investigation. - Able to obtain and maintain DHS Suitability/Entry on Duty (EOD). - High level of attention to detail and strong organizational skills. - Strong leadership and project management capabilities to drive remediation actions and manage inspection timelines. - Excellent communication and presentation skills, with a proven ability to draft technical status reports and confidently brief clients and senior stakeholders. Position Responsibilities - Security Program Oversight & Leadership - Policy Application: Ensure the rigorous application of cybersecurity policies, principles, and practices in the delivery of all IT cybersecurity services. - Operational Posture: Develop and implement programs as required to ensure that systems, networks, and data users are aware of, understand, and adhere to systems cybersecurity policies and procedures. - Resilience Planning: Develop system security contingency plans and disaster recovery plans to ensure organizational resilience. - Strategic Advisory & Risk Management - Executive & Client Consultation: Help conduct the appropriate remediation actions associated with findings from inspections and evaluations, generate status reports, and brief clients on the security health of information systems or programs. - Risk Management Framework (RMF) Expertise: Provide subject matter expertise and knowledge of RMF to perform Risk Management Framework activities for all information systems and applications. - Operations & Controls: Follow RMF to identify, implement, assess, and manage cybersecurity capabilities and services, expressed as security controls, and authorizing the operation of an information system. - Assessments, Audits, & Compliance - Authorization Support: Lead the security assessment and authorization activities for information systems, maintaining 100% ATO status. - Audit Readiness: Lead cybersecurity-related audits, inspections, assessments, operations, and orders processing. - Standards Alignment: Ensure information systems comply with client requirements and industry standards. - Technical Areas of Expertise - Deep subject matter expertise and advanced knowledge of RMF and NIST security controls. - Proven track record of leading systems successfully through the assessment and authorization process to secure and maintain a 100% ATO status. - Demonstrated experience authoring enterprise-level documentation, including Contingency Plans and Disaster Recovery Plans. - Experience coordinating and leading responses to formal cybersecurity audits, technical inspections, and orders processing. Benefits - Competitive salaries - Full health insurance - Generous time off - Observation of federal holidays - Reimbursement for courses, exams, and tuition Salary Range: $110,000-$125,000

United States
$110K - $125K / year
Full TimeRemoteTeam 11-50H1B No Sponsor

Role Description Avint is seeking a highly motivated Senior Security Controls Assessor (SCA) in support of a critical federal contract. The Senior SCA is a subject matter expert responsible for executing comprehensive, independent assessments of the organization’s most complex information systems, applications, and cloud infrastructures. Operating as a senior-level individual contributor, this role focuses on verifying the implementation, correctness, and effectiveness of technical, operational, and management security controls. The Senior SCA handles the most complex, critical, or sensitive system assessments, serving as a technical mentor to junior assessors and a primary technical advisor to system owners during the Risk Management Framework (RMF) lifecycle. Qualifications - Bachelor’s degree (BS/BA) OR equivalent professional experience. - Security+; higher certifications such as CISSP, CAP, or CASP desired. - Minimum of 8-10 years of dedicated experience in cybersecurity, information assurance, or IT auditing. - At least six (6) years of dedicated experience performing hands-on security controls assessments of the most complex (C4) systems. Requirements - Must be a U.S. citizen (no dual citizenship). - Ability to pass a background investigation. - Able to obtain and maintain DHS Suitability/Entry on Duty (EOD). Soft Skills - Strong analytical, critical thinking, and problem-solving skills with a high level of technical professional skepticism. - Excellent technical writing skills, with the ability to clearly document complex technical findings and defend assessment results to stakeholders. - Exceptional interpersonal and diplomatic skills, allowing for productive collaboration with system administrators, developers, and management. Position Responsibilities - Security Assessment and Validation - Lead comprehensive security control assessments of complex information systems using interview, examination, and testing methods. - Verify compliance with established frameworks such as NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FISMA, and/or FedRAMP, depending on organizational requirements. - Analyze system architectures, network diagrams, configuration settings, and policies to identify vulnerabilities and compliance gaps. - Review vulnerability scanning results (e.g., Nessus, Qualys) and penetration testing reports to validate the implementation of technical controls. - Technical Mentorship and Quality Assurance - Act as a senior technical escalation point and mentor for mid- and junior-level Security Controls Assessors on the team. - Perform peer reviews of assessment documentation, test results, and reports generated by other team members to ensure technical accuracy and consistency. - Support the SCA Team Lead in defining, refining, and standardizing assessment methodologies, testing procedures, and reporting templates. - Reporting and Risk Management - Author, review, and finalize high-quality Security Assessment Reports (SAR) detailing assessment findings, risks, and recommended remediations. - Present assessment findings and risk postures to Authorizing Officials (AO), system owners, and other stakeholders in clear, actionable terms. - Assist system owners in the development of realistic Plans of Action and Milestones (POA&M) to remediate identified deficiencies. - Collaborate with the Risk Management team to ensure assessment data accurately informs the organization’s continuous monitoring strategy. - Continuous Improvement and Strategy - Stay current on emerging cyber threats, vulnerabilities, regulatory changes, and assessment techniques. - Identify opportunities to automate assessment processes and integrate modern tooling into the assessment lifecycle. - Participate in the development and refinement of enterprise information security policies, standards, and guidelines. - Technical Areas of Expertise - Advanced knowledge of security control frameworks (specifically NIST SP 800-53, NIST SP 800-37, and NIST SP 800-171). - Familiarity with cloud security concepts (AWS, Azure, Google Cloud) and cloud compliance frameworks (FedRAMP). - Knowledge of operating system security, network protocols, access control mechanisms, and vulnerability management tools. Benefits - Competitive salaries. - Full health insurance. - Generous time off and observation of federal holidays. - Reimbursement for courses, exams, and tuition for professional development. Salary Range $125,000-$141,000

United States
$125K - $141K / year
Full TimeRemoteTeam 11-50H1B No Sponsor

Role Description We are seeking a highly skilled and experienced Information Systems Security Officer (ISSO) Subject Matter Expert (SME) to join our team. In this critical role, you will be ultimately responsible for the day-to-day cyber operations of assigned systems, ensuring strict adherence to the Risk Management Framework (RMF) and industry standards. As a trusted advisor, you will collaborate closely with executive leadership—including the Authorizing Official (AO), System Owners, and the Chief Information Security Officer (CISO)—to mitigate risk and defend vital digital infrastructure. Qualifications - Bachelor’s Degree (BA/BS) OR equivalent verifiable work experience. - Security+ or higher; higher certifications such as CISSP, CAP, or CASP desired. - Eight (8) years of progressive experience in information assurance, cybersecurity engineering, or ISSO/ISSM roles. Requirements - Must be a U.S. citizen (no dual citizenship). - Ability to pass a background investigation. - Able to obtain and maintain DHS Suitability/Entry on Duty (EOD). - High level of attention to detail and strong organizational skills. - Exceptional communication and diplomacy skills, with the ability to translate complex technical risks into actionable business advice for executive stakeholders (AO, CISO). - Strong analytical thinking and meticulous attention to detail regarding security documentation and boundaries. Position Responsibilities - Security Program Oversight & Leadership - Program Ownership: Oversee the comprehensive Information Assurance (IA) program for assigned information systems. - Operational Posture: Ensure the continuous implementation and maintenance of an appropriate operational security posture, including network/system security, physical/environmental protection, personnel security, incident handling, and security training/awareness. - Day-to-Day Operations: Act as the primary authority ultimately responsible for daily cybersecurity operations across assigned systems. - Strategic Advisory & Risk Management - Executive Consultation: Advise the Authorizing Official (AO), Information System Owners, and the CISO on risks, vulnerabilities, and the overall security health of information systems or programs. - RMF Expertise: Provide deep Risk Management Framework (RMF) expertise and direct support for Cybersecurity Inspections, Operations, and Orders Processing. - Compliance & Documentation: Ensure all system security documentation remains current and that authorization boundaries are accurately defined and maintained for all systems. - Assessments, Audits, & Compliance - Authorization Support: Actively support and facilitate security assessment and authorization (A&A) activities to maintain Authority to Operate (ATO) status. - Audit Readiness: Lead and assist in cybersecurity-related audits, inspections, regulatory compliance reviews, and technical assessments. - Standards Alignment: Ensure all information systems strictly comply with client-specific mandates, federal regulations, and industry best practices. - Technical Areas of Expertise - Advanced mastery of the Risk Management Framework (RMF) and associated security controls (e.g., NIST SP 800-53). - Proven experience guiding systems through the full Assessment & Authorization (A&A) lifecycle. - Strong understanding of network security architecture, incident response protocols, and physical security standards. - Working knowledge of automated cybersecurity and vulnerability scanning tools deployed in enterprise environments (e.g., ACAS, Nessus, Splunk, HBSS, or similar). Benefits - Competitive salaries - Full health insurance - Generous time off - Observation of federal holidays - Reimbursement for courses, exams, and tuition Salary Range $130,000-$150,000

United States
$130K - $150K / year
Full TimeRemoteTeam 11-50Since 2020H1B No Sponsor

Role Description We’re seeking an experienced Chief Compliance Officer (CCO) / Chief Information Security Officer (CISO) to lead our compliance and information security programs. This executive will be a key member of the leadership team, ensuring LendSwift operates with full regulatory compliance and robust data security across all operations. - Compliance: - Maintain and improve a comprehensive Compliance Management System (CMS) that aligns with applicable federal and state consumer lending laws and regulations (e.g., TILA, ECOA, FCRA, GLBA, UDAAP). - Manage and maintain strong working relationships with our bank partners, ensuring ongoing compliance with bank oversight requirements and participation in exams and audits. - Oversee licensing, regulatory reporting, and interactions with federal and state regulators. - Advise senior leadership on compliance risks, trends, and mitigation strategies. - Lead compliance training, monitoring, and issue management programs. - Information Security: - Own the design and execution of our enterprise information security program to protect customer and company data. - Ensure compliance with GLBA, SOC 2, PCI DSS, and other applicable data security frameworks. - Develop and enforce policies, procedures, and controls for data privacy, cybersecurity, and incident response. - Oversee vendor due diligence and third-party risk management as it relates to information security. - Report regularly to executive leadership and the Board on the state of information security. Qualifications - 8+ years of progressive leadership experience in compliance and/or information security in the consumer lending industry. - Extensive knowledge of the bank partnership lending model and managing bank sponsor relationships. - Hands-on experience with multi-state lending operations and regulatory requirements. - Proven ability to lead, build, and scale compliance and security programs in a high-growth environment. - Strong communication skills; comfortable engaging with regulators, bank partners, auditors, and legal counsel. - Bachelor’s degree required; JD, CIPP, CISSP, or other relevant certifications a plus. Requirements - 8+ years of progressive leadership experience in compliance and/or information security in the consumer lending industry. - Extensive knowledge of the bank partnership lending model and managing bank sponsor relationships. - Hands-on experience with multi-state lending operations and regulatory requirements. - Proven ability to lead, build, and scale compliance and security programs in a high-growth environment. - Strong communication skills; comfortable engaging with regulators, bank partners, auditors, and legal counsel. - Bachelor’s degree required; JD, CIPP, CISSP, or other relevant certifications a plus. Benefits - Highly flexible remote work environment. - Unlimited PTO. - Lean, AI-forward leadership team. - The chance to shape compliance and security strategy for a growing fintech innovator. - Competitive compensation and comprehensive benefits.

United States