Senior Offensive Security Engineer
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Deriv.com is hiring a Senior Offensive Security Engineer to lead red team operations, emulating real-world attackers across infrastructure, applications, cloud, and AI agents.
Key Skills for This Role
Responsibilities
- Plan and execute full kill chain red team engagements mapped to MITRE ATT&CK
- Design and run social engineering and physical/insider threat simulations
- Attack cloud environments, Kubernetes, and CI/CD pipelines
- Conduct source code analysis and application layer exploitation
- Red team AI agent stack including prompt injection and tool calling abuse
- Build and maintain custom tooling, C2 infrastructure, and payloads
- Write engagement reports and executive summaries leading to remediation
- Partner with SOC and Threat Hunting to run purple team exercises
- Mentor L1/L2 operators and contribute to offensive security roadmap
Requirements
- 6+ years doing actual offensive security, full scope red team
- OSCP required
- Real depth in at least three of: internal AD/network exploitation, cloud attack paths (AWS/GCP), web/API exploitation, custom C2 development, social engineering/physical, mobile
- Ability to write own tooling and implants in Python, Go, or Rust
- Experience operating against modern EDR instrumented environments
- Understanding of blast radius in regulated fintech
Full Job Posting
Job Description
- We're not hiring a security engineer to keep up with threats. We're hiring someone to make threats irrelevant before they become incidents. We're looking for a Red Team Lead/Operator who thinks like an adversary, not an auditor.
Why This Matters
- Deriv's mission is Trading for Anyone, Anywhere, Anytime. Millions of traders across the globe, around the clock, across regulatory environments. At this scale, a misconfigured WAF rule or undetected lateral movement isn't a technical inconvenience it's a trader's funds at risk and a regulator on
The Challenge
- $600B moves through this platform every month. That kind of scale attracts real adversaries: state sponsored crews, financially motivated groups, insiders. We need someone who can operate like the people already trying to get in.
Why Deriv
- We already run our own incident response and purple team our findings straight into detections. Our security org is starting to red team AI agents with tool access and memory.
What You’ll Do
- Plan and execute full kill chain red team engagements: initial access, privilege escalation, lateral movement, persistence, and objective completion, mapped to MITRE ATT&CK
- Design and run social engineering and physical/insider threat simulations, informed by real world TTPs
- Attack cloud environments, Kubernetes, and CI/CD pipelines, identifying misconfigurations and privilege escalation paths before real attackers do
- Conduct source code analysis and application layer exploitation against trading, payments, and internal platforms
- Red team our AI agent stack: prompt injection, tool calling abuse, agent to agent trust boundaries, and credential exposure in agentic workflows
- Build and maintain custom tooling, C2 infrastructure, and payloads that evade modern detection stacks
- Write engagement reports and executive summaries that lead to actual remediation, not shelf ware
- Partner with SOC and Threat Hunting to run purple team exercises, closing detection gaps you exploited
- Mentor L1/L2 operators and contribute to the offensive security capability roadmap
Who You Are
- 6+ years doing actual offensive security. Full scope red team, not a string of scoped pentests
- OSCP required. OSCE, OSEP, OSED, CRTO or equivalent adversary simulation cert gets you a real look
- Real depth in at least three of: internal AD/network exploitation, cloud attack paths (AWS/GCP), web/API exploitation, custom C2 development, social engineering/physical, mobile
- You can write your own tooling and implants in Python, Go, or Rust. Not just running Cobalt Strike out of the box
- You've operated against modern EDR instrumented environments and know what it actually takes to not get caught
- You understand blast radius in a regulated fintech and know how to break things without breaking the business
- You can write a report that gets fixed, not filed
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Deriv.com
Senior SOC Analyst
Dubai, UAE
Deriv is hiring a Senior SOC Analyst to proactively hunt threats, build detections, and own incident response in a high-scale fintech environment. You will work across infrastructure, cloud, identity, and endpoint, and e
Senior Regulatory Compliance Executive
Dubai, UAE
Deriv is seeking a Senior Regulatory Compliance Executive to manage compliance for entities spanning investment services, banking, and virtual assets. The role involves compliance monitoring, gap analyses, licensing mana
Senior Data Analyst
, UAE
Deriv is seeking a Senior Data Analyst to transform complex datasets into actionable insights that shape products, optimize customer experiences, and drive business growth. You will lead data-driven initiatives, mentor j
Anti Fraud Manager
Dubai, UAE
Job Information Job Opening ID ZR\2183\JOB Industry Finance & Accounts Date Opened 13/05/2026 Job Type Full time City Dubai Country United Arab Emirates Job Description Fraud doesn’t announce itself. It hides in payment
Business Development Manager
Dubai, UAE
Job Information Job Opening ID ZR\2178\JOB Industry Marketing & Global Partnerships Date Opened 12/05/2026 Job Type Full time City Dubai Country United Arab Emirates Job Description We're not hiring a relationship manage
Business Development Executive
Dubai, UAE
Job Information Job Opening ID ZR\2177\JOB Industry Marketing & Global Partnerships Date Opened 12/05/2026 Job Type Full time City Dubai Country United Arab Emirates Job Description The partners you recruit and activate
Media Compliance Counsel
Dubai, UAE
Job Information Job Opening ID ZR\2171\JOB Industry Legal & Compliance Date Opened 06/05/2026 Job Type Full time City Dubai Province - Country United Arab Emirates Postal Code - Job Description The Challenge Your job: de
Media Compliance Analyst
Dubai, UAE
Job Information Job Opening ID ZR\1450\JOB Industry Legal & Compliance Date Opened 13/04/2026 Job Type Full time City Dubai Country United Arab Emirates Job Description The challenge Your job: ensure Deriv's marketing ma
Senior SOC Analyst
Dubai, UAE
Senior Regulatory Compliance Executive
Dubai, UAE
Senior Data Analyst
, UAE
Anti Fraud Manager
Dubai, UAE
Business Development Manager
Dubai, UAE
Business Development Executive
Dubai, UAE
Media Compliance Counsel
Dubai, UAE
Media Compliance Analyst
Dubai, UAE