Offchain is a pioneering company in blockchain scalability and security, focused on transforming interactions with decentralized applications. The Senior Security Engineer will emulate real-world tactics to identify vulnerabilities, conduct penetration tests, and collaborate with teams to enhance security measures.
Responsibilities:
- Conduct comprehensive code audits across a variety of internal applications and infrastructure
- Conduct comprehensive penetration tests across cloud environments (AWS), infrastructure, and backend applications
- Collaborate with detection engineering, threat intelligence, and incident response groups to review security controls, uncover coverage gaps, and enhance overall detection quality
- Build, maintain, and evolve custom offensive tools, scripts, and automation frameworks to increase assessment speed
- Offer offensive security expertise during incident investigations, including log analysis and root cause reviews
- Keep up with evolving threats, vulnerabilities, and attack methods; share research internally and engage with the wider security community
- Own offensive security projects from start to finish, mentor junior team members, and cultivate a culture of ongoing learning and knowledge exchange
Requirements:
- 5+ years of experience in offensive security, penetration testing, red teaming, or a closely related field
- Extensive experience with conducting code audits to identify and remediate security issues
- Experience with binary exploitation
- Mastery of AWS, including AWS-specific attack techniques and configuration weaknesses
- Strong understanding of adversary tactics and frameworks like MITRE ATT&CK
- In-depth knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability categories
- Proficiency using offensive security tools such as Burp Suite, nuclei, and similar frameworks
- Strong programming skills in Python, Go, or similar languages, with proven experience developing tools or automation
- Excellent written and verbal communication skills, with the ability to present complex technical details as clear, risk-focused recommendations
- A natural ability to think like an attacker - creative, determined, and skilled at assessing risk across complex systems
- Web3 / blockchain security exposure: smart contract auditing, bug bounty hunting (e.g., Immunefi, Code4rena), or DeFi protocol review
- Familiarity with Ethereum L1 / L2 node architecture and security risks
- Experience in blockchain infrastructure penetration testing