Offensive Security Engineer

About the Role

This is not a traditional pentesting role. At CloudWalk, you’ll go beyond running scans or writing reports. You’ll break into systems, exploit real weaknesses, and then engineer automations and agents to make sure those classes of vulnerabilities never come back. Your work will directly shape how CloudWalk defends itself at scale, turning offensive security knowledge into defensive engineering.
You’ll be part of a team that blends red teaming, mobile/web pentesting, and security automation. If you enjoy moving fast, exploiting hard problems, and coding the solutions, this role is for you.

About the Role

This is not a traditional pentesting role. At CloudWalk, you’ll go beyond running scans or writing reports. You’ll break into systems, exploit real weaknesses, and then engineer automations and agents to make sure those classes of vulnerabilities never come back. Your work will directly shape how CloudWalk defends itself at scale, turning offensive security knowledge into defensive engineering.
You’ll be part of a team that blends red teaming, mobile/web pentesting, and security automation. If you enjoy moving fast, exploiting hard problems, and coding the solutions, this role is for you.

Break things that matter. Pentest applications across our stack, identifying vulnerabilities in APIs, mobile apps (Android/iOS), and infrastructure before attackers do.

Run red team operations. Plan and execute realistic attack campaigns: phishing with custom domains, social engineering, lateral movement, privilege escalation. Measure real organizational resilience, not checkbox compliance.

Build offensive tooling. Engineer security platforms, scanning pipelines, and automation that multiply the team's impact.

Weaponize AI for defense. Design and build LLM-powered agents that detect, classify, triage and fix vulnerabilities in real time.     

Strong knowledge of common vulnerabilities, exploitation techniques, and secure coding practices. You can find bugs in source code, not just with a proxy.                 

Experience with web application and API pentesting. Mobile pentesting (Android/iOS) is a strong plus.

You code daily. Proficiency in Typescript, Go, or similar, not just scripts, but tools and services others can rely on.                                                    

Familiarity with cloud infrastructure security (GCP/AWS/Azure), Kubernetes, and service mesh concepts.

Understanding of CI/CD pipelines and how to embed security checks into them.                                                                                               

Experience leveraging LLMs or AI agents for security tasks.

Excellent communication and collaboration skills to work effectively with engineering teams.     

Experience with red team operations: phishing infrastructure, social engineering, C2 frameworks.                                                                           

Familiarity with payment industry security (PCI DSS, card tokenization, acquiring flows).                                                                                  

Experience building security platforms or internal tooling (dashboards, bots, vulnerability management systems).                                                           

Contributions to open source security tools, published security research or CTFs.