Lead Offensive Security Engineer

About AppOmni

AppOmni is leading the cybersecurity and AI revolution. We created the category called SaaS security posture management (SSPM). And now, over 25% of the Fortune 100 and many global companies are using our platform to overcome challenges such as SaaS application attacks, sensitive data exposure, insider threats, and so much more. Our mission is to prevent SaaS data breaches by securing the applications that power the enterprise. 

About the Role

We are seeking a highly skilled and experienced Lead Offensive Security Engineer to join our growing AppOmni Labs research team. As a Senior Offensive Security Engineer, you will work with our Labs, Engineering, and Security teams and engage in novel vulnerability research and responsible disclosure. Your research will help improve our product and drive SaaS security posture improvement for our customers. This is a highly technical position at a rapidly growing security product and engineering company, working with exceptionally skilled researchers and engineers. It is an opportunity to do deep-dive research on some of the largest SaaS products in the world and make a positive impact by driving improvement of the global SaaS landscape security posture. Come work with us and make an impact. 

What You’ll Do

• Novel SaaS vulnerability research and responsible disclosure
• Coverage research on new and existing SaaS products
• Development of SaaS attack techniques and killchains
• Development of AppOmni Insights
• Technical review of research and publications
• Security community engagement
• Research blog posts and media engagement
• Offensive SaaS tooling development impact by driving improvement of the global SaaS landscape security posture. 

What We’re Looking For

• 5+ years of experience in security research in which you conducted deep analysis of targets to locate vulnerabilities and develop writeup material.
• Deep knowledge of major SaaS platforms like Salesforce, ServiceNow, Microsoft 365, Github, Workday, Box, Slack, Zoom, etc…
• Ability to learn and carry out deep-dive security assessments of new SaaS platforms.
• Familiarity with GCP, AWS, Azure
• Development experience in Python
• A strong passion and interest in security and vulnerability research 
• Excellent communication and teamwork skills in a remote setting.
• Ability to learn and research independently and deliver on goals and objectives. 

You may also have

• A list of published CVEs and Bug Bounties
• Previous Red Team and Offensive Security experience
• OSCP and OSCE certification
• GCP & GKE experience

Culture

Our flexible, remote-first team is collaborative and supportive as we move quickly to research and develop new ideas, deliver new features …