Staff Security Engineer, Product
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Rogo is hiring a Staff Security Engineer to lead offensive security, penetration testing, and red team exercises for their AI-driven financial platform. You will build automated security tooling and partner with engineering teams.
Key Skills for This Role
Responsibilities
- Conduct hands on penetration testing and red team assessments against Rogo's applications, APIs, AI/ML pipelines, and cloud environments
- Build agentic security tooling that finds, validates, and patches vulnerabilities end to end
- Develop and maintain custom offensive tooling, exploit chains, and attack simulations
- Build and operate automated security testing and remediation pipelines
- Perform deep adversarial testing of AI specific attack surfaces
- Own vulnerability research and bug hunting across the product
- Design and execute threat modeling sessions with engineering teams
- Build attack simulation environments and continuously validate security controls
- Contribute directly to backend codebases to fix vulnerabilities and harden security
- Lead purple team exercises and own relationship with external pen test firms
Requirements
- Professional penetration testing experience across web apps, APIs, cloud environments, and ideally AI/ML systems
- Professional development experience in a strongly typed language (e.g., Rust, Go, Java, C++) alongside scripting languages (Python, Bash)
- Comfortable with Burp Suite, Nuclei, Semgrep, custom fuzzing frameworks
- Experience integrating automated security checks into CI/CD pipelines (SCA, SAST, DAST)
- Comfortable with infrastructure automation (Terraform, Kubernetes) and identifying misconfigurations in AWS/GCP
- Applied knowledge of threat modeling, cryptography fundamentals, and compliance frameworks (SOC 2, ISO 27001/42001, NIST CSF)
Full Job Posting
The Role
- As a Staff Security Engineer at Rogo, you'll be our hands on offensive security practitioner, focused on breaking our products before adversaries do.
- You'll conduct deep dive penetration testing, red team exercises, and adversarial security assessments against our AI driven platform, APIs, and cloud infrastructure.
What You Will Own
- Conduct hands on penetration testing and red team assessments against Rogo's applications, APIs, AI/ML pipelines, and cloud environments.
- Build agentic security tooling that finds, validates, and patches vulnerabilities end to end.
- Develop and maintain custom offensive tooling, exploit chains, and attack simulations.
- Build and operate automated security testing and remediation pipelines.
- Perform deep adversarial testing of AI specific attack surfaces.
- Own vulnerability research and bug hunting across the product.
- Design and execute threat modeling sessions with engineering teams.
- Build attack simulation environments and continuously validate security controls.
- Contribute directly to backend codebases to fix critical vulnerabilities.
- Lead purple team exercises and own relationship with external pen test firms.
- Share offensive tradecraft and emerging attack techniques with engineering and leadership.
Great Candidates Often
- Have professional penetration testing experience across web apps, APIs, cloud environments, and ideally AI/ML systems.
- Have built or are excited to build agentic security tooling.
- Have professional development experience in a strongly typed language (e.g., Rust, Go, Java, C++) alongside scripting languages (Python, Bash).
- Are comfortable with Burp Suite, Nuclei, Semgrep, custom fuzzing frameworks.
- Have integrated automated security checks into CI/CD pipelines.
- Are comfortable with infrastructure automation (Terraform, Kubernetes) and can identify misconfigurations in AWS/GCP environments.
- Communicate crisply and can collaborate effectively.
- Have applied knowledge of threat modeling, cryptography fundamentals, and compliance frameworks.
Bonus
- OSCP, OSWE, GXPN, GWAPT, CPTS, or similar offensive security certifications.
- Experience testing multi tenant SaaS platforms serving regulated industries.
- Hands on cloud penetration testing experience in AWS or GCP.
- Kubernetes security testing.
- Bug bounty track record or published CVEs / security research.
- Experience in customer facing security conversations.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Rogo
Talent Acquisition | Recruiter, Engineering
New York, QAT
Rogo is seeking an Engineering Recruiter to lead full-cycle hiring for technical roles. You will partner with hiring managers, source candidates, manage agency relationships, and ensure a top-notch candidate experience.
People Operations Manager
New York, UAE
Rogo is seeking a People Operations Manager to build and manage people programs, benefits, compliance, and culture initiatives. The role requires 5+ years of People Operations experience and strong project management ski
Lead iOS Engineer
New York, KSA
Rogo is looking for a Founding iOS Engineer to lead the development of its native iOS app for finance professionals. You will architect, build, and maintain the app using Swift, SwiftUI, and UIKit, and own features end-t
Product Designer
New York, UAE
Rogo is seeking a Product Designer to design core product experiences for AI-powered financial tools. You will collaborate closely with the Head of Design and CEO, owning end-to-end design from problem framing to product