Offensive Security Engineer

Número De
Barcelona, Spain
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Compensation
€ 68K

Job location

Barcelona, Spain

Tech stack

API
Software System Penetration Testing
Confluence
JIRA
Bash
Burp Suite
Virtual Private Servers
Computer Security
Linux
Domain Name System Security Extensions
DNS
Networking Hardware
Python
Kali Linux
Network Security
Windows Server
Network Service
NMap
Powershell
Red Team (Cyber Security)
Wireshark
Web Applications
Network Routers
Scripting (Bash/Python/Go/Ruby)
Software Security
Firewalls (Computer Science)
GIT
Information Technology
Firewall Services Module
SentinelOne Expertise
Vulnerability Analysis

Job description

This role offers the opportunity to strengthen cybersecurity defenses by proactively identifying vulnerabilities and simulating real-world attacks across a complex digital environment. As an Offensive Security Engineer, you will own external attack surface testing, reconnaissance activities, and adversary emulation initiatives to improve security resilience. You will work closely with security operations, infrastructure, network, and IT teams to transform offensive findings into practical defensive improvements. The position combines penetration testing, vulnerability research, automation, and security strategy in a remote-first technology environment. You will play a key role in improving perimeter protection, validating security controls, and helping build stronger defenses against evolving threats. Accountabilities:

  • Monitor, map, and assess the organization's external attack surface, including domains, subdomains, websites, public IP ranges, and DNS configurations.
  • Conduct offensive security testing, penetration assessments, and reconnaissance activities to identify vulnerabilities across external-facing systems and infrastructure.
  • Perform adversary emulation exercises against endpoint environments to validate the effectiveness of EDR, XDR, and security monitoring solutions.
  • Assess the security posture of office infrastructure, network devices, physical hardware, and internal edge systems.
  • Execute scoped security testing on web applications and public APIs, identifying weaknesses and providing remediation guidance.
  • Collaborate with security and infrastructure teams to validate firewall rules, perimeter controls, segmentation policies, and defensive configurations.
  • Translate technical findings into actionable recommendations, vulnerability reports, remediation plans, and security improvements.
  • Develop repeatable security checks, improve asset tracking processes, and maintain visibility into exposure trends.
  • Track vulnerability metrics, remediation progress, attack simulation outcomes, and overall perimeter security health.
  • Support continuous improvement of offensive security practices through automation, documentation, and knowledge sharing.

Requirements

  • Proven experience in offensive security, penetration testing, vulnerability assessments, network security, or adversary emulation.
  • Strong understanding of external attack surface management, DNS security, public infrastructure exposure, and network reconnaissance techniques.
  • Hands-on experience testing Linux and Windows environments, including network services and infrastructure components.
  • Experience performing adversary simulations and evaluating security controls against modern endpoint detection and response platforms.
  • Familiarity with testing routers, switches, firewalls, corporate networks, and workplace IT infrastructure.
  • Ability to translate technical vulnerabilities and security risks into clear, practical remediation actions.
  • Experience identifying web application vulnerabilities and performing scoped API security testing.
  • Strong scripting skills using Python, PowerShell, Bash, or similar languages for automation and security workflows.
  • Knowledge of security testing and reconnaissance tools such as Nmap, Shodan, Censys, Masscan, Amass, Wireshark, Burp Suite, OWASP ZAP, or similar.
  • Experience working with security platforms and technologies such as Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, Atomic Red Team, or Caldera is highly valued.
  • Strong documentation, analytical, and communication skills with the ability to collaborate across technical teams.
  • Familiarity with tools including Kali Linux, DNS testing utilities, Git, Jira, Confluence, VPS environments, Linux/Windows servers, and network security technologies.

Benefits & conditions

  • Remote-first working environment with flexibility and autonomy.
  • Competitive salary package with quarterly individual performance-based bonuses.
  • 28 days of paid annual leave.
  • Flexible working schedule with core collaboration hours from 10:00 AM to 3:00 PM in your local time zone.
  • Referral bonuses and additional flash bonus opportunities.
  • High-quality equipment provided for your work.
  • Annual company retreats offering opportunities to connect and collaborate with colleagues globally.
  • Opportunity to work on challenging cybersecurity initiatives in a global technology environment.

Apply for this position