{bc}
linkedin

Senior Offensive Security Engineer

Deriv
Dubai, UAE
Full Time
Senior
Yesterday
Red TeamingPenetration TestingCloud Security (AWS/GCP)Kubernetes SecurityCI/CD SecuritySocial Engineering
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Red TeamingPenetration TestingCloud Security (AWS/GCP)
Smart Apply

Full Job Posting

Overview

  • We're not hiring a security engineer to keep up with threats. We're hiring someone to make threats irrelevant before they become incidents.
  • We're looking for a Red Team Lead/Operator who thinks like an adversary, not an auditor. Someone who continuously emulates real world attackers, challenges assumptions, and exposes the gaps that automated defenses miss.
  • You'll lead offensive security operations across our infrastructure, applications, cloud, and people turning every engagement into detections, automation, and resilience.

What You’ll Do

  • Plan and execute full kill chain red team engagements: initial access, privilege escalation, lateral movement, persistence, and objective completion, mapped to MITRE ATT&CK
  • Design and run social engineering and physical/insider threat simulations, informed by real world TTPs
  • Attack cloud environments, Kubernetes, and CI/CD pipelines, identifying misconfigurations and privilege escalation paths before real attackers do
  • Conduct source code analysis and application layer exploitation against trading, payments, and internal platforms
  • Red team our AI agent stack: prompt injection, tool calling abuse, agent to agent trust boundaries, and credential exposure in agentic workflows
  • Build and maintain custom tooling, C2 infrastructure, and payloads that evade modern detection stacks
  • Write engagement reports and executive summaries that lead to actual remediation, not shelf ware
  • Partner with SOC and Threat Hunting to run purple team exercises, closing detection gaps you exploited
  • Mentor L1/L2 operators and contribute to the offensive security capability roadmap

Who You Are

  • 6+ years doing actual offensive security. Full scope red team, not a string of scoped pentests
  • OSCP required. OSCE, OSEP, OSED, CRTO or equivalent adversary simulation cert gets you a real look
  • Real depth in at least three of: internal AD/network exploitation, cloud attack paths (AWS/GCP), web/API exploitation, custom C2 development, social engineering/physical, mobile
  • You can write your own tooling and implants in Python, Go, or Rust. Not just running Cobalt Strike out of the box
  • You've operated against modern EDR instrumented environments and know what it actually takes to not get caught
  • You understand blast radius in a regulated fintech and know how to break things without breaking the business
  • You can write a report that gets fixed, not filed

Why Deriv

  • We already run our own incident response and purple team our findings straight into detections, not a compliance exercise, an active discipline with real fallout when it's wrong.
  • Our security org is starting to red team AI agents with tool access and memory, work most companies haven't figured out how to even scope yet.
  • You'll get hands on production experience that would take far longer to accumulate at a single product company.
  • We share what we learn. Deriv is where we write about what we're building, what breaks, and what we figure out the hard way.

The Honest Reality

  • You'll sit inside a Security & AI Engineering org that treats offensive security as a real discipline, not a line item for the compliance audit.
  • You'll work across Dubai and Malaysia with a team that runs actual incident response, not tabletop exercises with fake scenarios.
  • You'll have a direct line from finding a hole to it getting closed, and room to build the tooling and run the engagements that shape how we red team the AI agents everyone else is still figuring out how to even think about.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Deriv