Offensive Security Researcher | Red Team | Cloud & SaaS Exploitation

Join a cutting-edge Offensive Security team focused on uncovering high-impact vulnerabilities across modern attack surfaces. We're looking for an experienced Offensive Security Researcher / Red Team Operator who thrives in complex, real-world environments and enjoys discovering novel attack paths beyond known CVEs.This is a highly technical opportunity for someone passionate about vulnerability research, cloud exploitation, adversary simulation, exploit development, offensive automation, and advanced tradecraft across cloud-native and internet-facing environments. About the RoleAs an Offensive Security Researcher, you'll identify and weaponise real-world attack paths across Cloud, SaaS, CI/CD pipelines, modern web applications, identity systems, and internet-exposed infrastructure. You'll collaborate with elite offensive practitioners to conduct deep technical research, develop new offensive methodologies, and scale successful attack techniques through automation and tooling.This role is ideal for senior-level offensive security professionals who enjoy autonomy, creative problem solving, vulnerability discovery, exploit research, red teaming, and advanced offensive engineering. Key ResponsibilitiesHunt for high-value vulnerabilities across cloud platforms, SaaS environments, internet-facing infrastructure, APIs, identity systems, and modern applicationsDiscover and exploit complex attack chains beyond publicly known CVEs and commodity techniquesConduct advanced offensive security research into emerging attack vectors, adversary tradecraft, and exploitation methodologiesPerform red team operations and adversary emulation against modern enterprise environmentsDevelop offensive tooling, PoCs, exploit automation, and research frameworks using Python, Go, or similar languagesAutomate vulnerability discovery, exploit validation, reconnaissance, and offensive workflows at scaleCollaborate with Offensive Engineering teams to operationalise successful techniques and improve offensive capabilityResearch cloud-native attack paths across AWS, Azure, GCP, SaaS ecosystems, CI/CD pipelines, and identity providersContribute to blogs, whitepapers, technical research, or conference talks (optional but encouraged)

Required Skills & ExperienceProven hands-on experience in Offensive Security, Red Teaming, Vulnerability Research, or Adversary SimulationStrong understanding of modern attack surfaces including cloud infrastructure, SaaS platforms, APIs, identity systems, and web applicationsDemonstrated ability to discover high-impact vulnerabilities and complex attack paths beyond known CVEsExperience exploiting cloud identities, IAM misconfigurations, CI/CD pipelines, SSO environments, or internet-exposed servicesStrong knowledge of adversary tradecraft, post-exploitation, lateral movement, privilege escalation, and modern offensive methodologiesScripting or development capability in Python, Go, or similar languages for automation, tooling, exploit development, or offensive researchAbility to operate autonomously in highly technical offensive environmentsDeep technical curiosity with a research-driven attacker mindset Desirable / Bonus ExperienceExploit development experienceCloud exploitation and cloud-native offensive security researchPublic vulnerability disclosures, bug bounty achievements, or original security researchExperience building offensive security tooling or frameworksConference presentations, technical blogs, or published researchKnowledge of detection evasion, offensive automation, or large-scale attack surface analysis Offensive Security, Red Team, Vulnerability Research, Exploit Development, Cloud Security, AWS, Azure, GCP, SaaS Security, Adversary Simulation, Offensive Engineering, Attack Path Analysis, CI/CD Security, Identity Security, Web Application Security, API Security, Python, Go, Exploit Automation, Post-Exploitation, Privilege Escalation, Lateral Movement, Threat Emulation, Security Research, Offensive Tooling, Vulnerability Discovery, Internet-Exposed Infrastructure, Offensive Tradecraft, Penetration Testing, Cloud Exploitation