Offensive Security Engineer (Permanent – Hybrid – New York, NY)
A leading and innovative FinTech firm is seeking a highly skilled Offensive Security Engineer to join their team. This permanent position, based in New York City’s Financial District (FiDi), offers a hybrid work model, requiring approximately 3 days per week in-office. You’ll play a critical role in proactively identifying and mitigating security risks across their cutting-edge platform, specifically operating within the dynamic cryptocurrency space.
The successful candidate will bring a strong foundation in penetration testing and adversarial simulation, essential for assessing the security posture of vital assets like web applications, smart contracts, internal and external APIs, data lakes, and trading infrastructure. Success in this role demands not only deep technical acumen but also exceptional soft skills, including clear communication, seamless collaboration across cross-functional teams, and the ability to translate complex security findings into actionable insights. You’ll work closely with development, DevOps, and product teams, ensuring security is meticulously embedded throughout the entire development lifecycle.
What You’ll Be Doing: Core Responsibilities in Offensive Security
As an Offensive Security Engineer, you will be at the forefront of the firm’s defense, proactively simulating attacks to uncover vulnerabilities and strengthen the security posture of a cutting-edge cryptocurrency platform. Your responsibilities will combine hands-on technical execution with strategic collaboration and tool development.
- Conduct Red Team Exercises and Penetration Tests: You will meticulously conduct red team exercises and comprehensive penetration tests across diverse systems and environments. This involves simulating real-world cyberattacks to identify exploitable vulnerabilities, assess the effectiveness of existing security controls, and uncover weaknesses in the platform’s defenses. Your targets will include everything from web applications to underlying infrastructure, providing a holistic security assessment.
- Analyze and Exploit Smart Contract and Blockchain Vulnerabilities: A unique and critical aspect of this role is the ability to analyze and exploit vulnerabilities specifically within smart contracts and blockchain-based applications. This requires a deep understanding of blockchain technology, smart contract programming languages (e.g., Solidity), common attack vectors (e.g., reentrancy, integer overflow, access control issues), and the tools used to identify and exploit these flaws in a decentralized environment.
- Test and Secure APIs, Web Applications, and Backend Services: You will rigorously test and secure a broad range of digital assets, including APIs (Application Programming Interfaces), web applications, and various backend services. This involves performing both automated and manual security assessments to uncover vulnerabilities such as injection flaws, authentication bypasses, insecure deserialization, and misconfigurations, ensuring the integrity and confidentiality of data exchanged across the platform.
- Collaborate with Engineering Teams to Remediate Findings: You will work in close collaboration with engineering teams (developers, DevOps, SREs) to effectively remediate identified security findings and continuously improve the overall security posture of the platform. This requires strong communication skills to explain complex vulnerabilities, provide clear remediation guidance, and work together to implement robust, lasting fixes that enhance the platform’s resilience against future attacks.
- Develop Custom Tools and Scripts for Automation: You will enhance the efficiency and effectiveness of security assessments by developing custom tools and scripts. These bespoke solutions will be used to automate various testing and reporting processes, allowing for more frequent, comprehensive, and scalable security analyses. Your automation efforts will streamline vulnerability discovery, data collection, and report generation, enabling the team to focus on more complex, high-value tasks.
Key Qualifications: Your Foundation for Offensive Security Excellence
To thrive in this critical Offensive Security Engineer role, you’ll need a strong background in offensive security, deep technical knowledge of web and smart contract vulnerabilities, and proficiency in relevant programming languages.
- Extensive Offensive Security or Penetration Testing Experience: You must possess 3+ years of hands-on experience in offensive security or penetration testing. This indicates a proven track record of actively identifying, exploiting, and reporting security vulnerabilities in real-world systems, demonstrating your practical skills in ethical hacking.
- Strong Knowledge of Web, API, and Smart Contract Vulnerabilities: You are required to have strong knowledge of various web security vulnerabilities (e.g., OWASP Top 10), API security best practices and common attack vectors, and a specialized understanding of smart contract vulnerabilities inherent in blockchain technologies. This comprehensive understanding across different layers of the application stack is crucial for a full-spectrum security assessment.
- Proficiency in Programming Languages: You must demonstrate proficiency in Python, Java, C++, or similar programming languages. This coding ability is essential for developing custom tools, writing exploit scripts, analyzing source code for vulnerabilities, and effectively communicating with development teams.
- Excellent Communication, Documentation, and Interpersonal Skills: You must possess excellent communication skills, both verbal and written, for articulating complex technical findings to diverse audiences. Strong documentation skills are vital for creating clear and actionable reports. Exceptional interpersonal skills are necessary for collaborating effectively with cross-functional teams and building relationships with developers, DevOps, and product teams.
- Experience in FinTech or Crypto Environments (Plus): While not strictly required, experience in FinTech (Financial Technology) or cryptocurrency environments is a significant plus. This domain knowledge would provide a valuable understanding of the unique security challenges, regulatory landscapes, and operational nuances specific to financial platforms operating in the digital asset space.
What’s In It For You: Impact, Growth, and a Cutting-Edge Domain
This permanent, hybrid Offensive Security Engineer role offers a compelling environment for professional growth and significant impact within a leading FinTech firm at the forefront of the cryptocurrency space.
- Pioneering Role in a Cutting-Edge FinTech Firm: You’ll join an innovative FinTech firm at the absolute forefront of the cryptocurrency space. This provides a unique opportunity to work with bleeding-edge technology, tackle novel security challenges, and directly influence the security posture of a platform that is revolutionizing digital finance.
- High-Impact Role in Proactive Security: Your role is inherently high-impact, focused on proactively identifying and mitigating security risks across the entire platform. Your contributions will directly strengthen the firm’s defenses against sophisticated cyber threats, safeguarding critical financial assets and user trust.
- Diverse Security Assessment Scope: You’ll gain unparalleled experience assessing the security posture of a wide array of systems, including complex web applications, intricate smart contracts, internal and external APIs, vast data lakes, and high-stakes trading infrastructure. This diverse scope ensures continuous learning and broadens your expertise across multiple security domains.
- Strategic Collaboration and Influence: You’ll have the opportunity to work closely with developers, DevOps, and product teams, embedding security throughout the development lifecycle. This strategic collaboration allows you to influence design decisions, advocate for secure coding practices, and ensure security is a foundational element, not an afterthought.
- Professional Growth in Adversarial Simulation: This role offers exceptional professional growth in adversarial simulation and penetration testing. You’ll continuously sharpen your offensive security skills, develop custom tools, and stay ahead of emerging threats in a dynamic and challenging environment.
Important Note: This is a hybrid role based in New York City (FiDi), requiring approximately 3 days per week in-office. Visa sponsorship is not available for this position.
If this Offensive Security Engineer role in New York, NY, aligns with your expertise in penetration testing, your knowledge of smart contract vulnerabilities, and your passion for cybersecurity in the cryptocurrency space, we encourage you to learn more about this exciting permanent, hybrid opportunity. This is a fantastic chance to make a significant impact on the security of a cutting-edge financial platform.
Ready to proactively secure the future of finance?
Job Features
| Job Category | Security | 
