Senior Offensive Security Engineer
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Deriv is hiring a Red Team Lead/Operator to lead offensive security operations across infrastructure, applications, cloud, and people. The role involves full-kill-chain red team engagements, social engineering, cloud and CI/CD attacks, and red-teaming AI agents.
Key Skills for This Role
Responsibilities
- Plan and execute full kill chain red team engagements: initial access, privilege escalation, lateral movement, persistence, and objective completion, mapped to MITRE ATT&CK
- Design and run social engineering and physical/insider threat simulations, informed by real world TTPs
- Attack cloud environments, Kubernetes, and CI/CD pipelines, identifying misconfigurations and privilege escalation paths
- Conduct source code analysis and application layer exploitation against trading, payments, and internal platforms
- Red team our AI agent stack: prompt injection, tool calling abuse, agent to agent trust boundaries, and credential exposure in agentic workflows
- Build and maintain custom tooling, C2 infrastructure, and payloads that evade modern detection stacks
- Write engagement reports and executive summaries that lead to actual remediation, not shelf ware
- Partner with SOC and Threat Hunting to run purple team exercises, closing detection gaps you exploited
- Mentor L1/L2 operators and contribute to the offensive security capability roadmap
Requirements
- 6+ years doing actual offensive security (full scope red team, not scoped pentests)
- OSCP required; OSCE, OSEP, OSED, CRTO or equivalent adversary simulation cert preferred
- Real depth in at least three of: internal AD/network exploitation, cloud attack paths (AWS/GCP), web/API exploitation, custom C2 development, social engineering/physical, mobile
- Ability to write custom tooling and implants in Python, Go, or Rust
- Experience operating against modern EDR instrumented environments
- Understanding of blast radius in a regulated fintech environment
- Ability to write reports that lead to actual remediation
Full Job Posting
Overview
- We're not hiring a security engineer to keep up with threats. We're hiring someone to make threats irrelevant before they become incidents.
- We're looking for a Red Team Lead/Operator who thinks like an adversary, not an auditor. Someone who continuously emulates real world attackers, challenges assumptions, and exposes the gaps that automated defenses miss.
- You'll lead offensive security operations across our infrastructure, applications, cloud, and people turning every engagement into detections, automation, and resilience.
What You’ll Do
- Plan and execute full kill chain red team engagements: initial access, privilege escalation, lateral movement, persistence, and objective completion, mapped to MITRE ATT&CK
- Design and run social engineering and physical/insider threat simulations, informed by real world TTPs
- Attack cloud environments, Kubernetes, and CI/CD pipelines, identifying misconfigurations and privilege escalation paths before real attackers do
- Conduct source code analysis and application layer exploitation against trading, payments, and internal platforms
- Red team our AI agent stack: prompt injection, tool calling abuse, agent to agent trust boundaries, and credential exposure in agentic workflows
- Build and maintain custom tooling, C2 infrastructure, and payloads that evade modern detection stacks
- Write engagement reports and executive summaries that lead to actual remediation, not shelf ware
- Partner with SOC and Threat Hunting to run purple team exercises, closing detection gaps you exploited
- Mentor L1/L2 operators and contribute to the offensive security capability roadmap
Who You Are
- 6+ years doing actual offensive security. Full scope red team, not a string of scoped pentests
- OSCP required. OSCE, OSEP, OSED, CRTO or equivalent adversary simulation cert gets you a real look
- Real depth in at least three of: internal AD/network exploitation, cloud attack paths (AWS/GCP), web/API exploitation, custom C2 development, social engineering/physical, mobile
- You can write your own tooling and implants in Python, Go, or Rust. Not just running Cobalt Strike out of the box
- You've operated against modern EDR instrumented environments and know what it actually takes to not get caught
- You understand blast radius in a regulated fintech and know how to break things without breaking the business
- You can write a report that gets fixed, not filed
Why Deriv
- We already run our own incident response and purple team our findings straight into detections, not a compliance exercise, an active discipline with real fallout when it's wrong.
- Our security org is starting to red team AI agents with tool access and memory, work most companies haven't figured out how to even scope yet.
- You'll get hands on production experience that would take far longer to accumulate at a single product company.
- We share what we learn. Deriv is where we write about what we're building, what breaks, and what we figure out the hard way.
The Honest Reality
- You'll sit inside a Security & AI Engineering org that treats offensive security as a real discipline, not a line item for the compliance audit.
- You'll work across Dubai and Malaysia with a team that runs actual incident response, not tabletop exercises with fake scenarios.
- You'll have a direct line from finding a hole to it getting closed, and room to build the tooling and run the engagements that shape how we red team the AI agents everyone else is still figuring out how to even think about.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Deriv
Senior Regulatory Compliance Executive
Dubai, UAE
Deriv seeks a Senior Regulatory Compliance Executive to manage compliance for entities in investment services, banking, and virtual assets. You will conduct compliance monitoring, gap analyses, manage licensing with CMA
Senior SOC Analyst
Dubai, UAE
Deriv is hiring a Senior SOC Analyst to proactively hunt threats, build detections, and own incident response end-to-end. The role requires deep expertise in EDR, cloud security, and malware analysis, with a focus on aut
Senior Data Analyst
Dubai, UAE
Deriv is hiring a Senior Data Analyst to transform complex datasets into actionable insights, shape products, and drive business growth. The role requires 5+ years of experience, strong SQL and Python/R skills, and exper
Senior Account Executive
Dubai, UAE
Deriv is looking for an early-career finance professional to join its Trading Finance team in Dubai. You will prepare journal entries, reconciliations, support month-end close, and work with regulated entities. This role
Senior Specialist - Taxation
Dubai, UAE
Deriv is seeking a Senior Tax Specialist to own multi-jurisdiction tax compliance, tax accounting, transfer pricing, and automation. Requires 12-15 years tax experience with strong foundation in corporate income tax acro
Senior Data Engineer
Dubai, UAE
Deriv is looking for a Senior Data Engineer to build reliable data infrastructure powering trading decisions, product analytics, compliance, and AI/ML systems. You will own data accuracy end-to-end, design governed pipel
IT Operations Engineer
Dubai, UAE
Deriv is looking for an IT Operations Engineer to maintain and automate IT infrastructure across global offices. The role involves managing endpoints, networking, and automation, with opportunities to grow into security,
Senior Regulatory Compliance Manager – Crypto Exchange & Virtual Assets
Dubai, UAE
As the Senior Regulatory Compliance Manager at Deriv’s crypto exchange and virtual asset business, you will play a critical role in ensuring adherence to global regulatory frameworks governing digital assets. You will de
Senior Regulatory Compliance Executive
Dubai, UAE
Senior SOC Analyst
Dubai, UAE
Senior Data Analyst
Dubai, UAE
Senior Account Executive
Dubai, UAE
Senior Specialist - Taxation
Dubai, UAE
Senior Data Engineer
Dubai, UAE
IT Operations Engineer
Dubai, UAE
Senior Regulatory Compliance Manager – Crypto Exchange & Virtual Assets
Dubai, UAE