Security Research Engineer

We are seeking a Security Research Engineer to operate as a hybrid Forward Deployed Engineer and offensive security researcher. You'll be on the front lines of customer engagements — using our open source tool Apex to run pentests, curate and present findings, and stand up our platform inside customer environments. In parallel, you'll drive original offensive and open source security research, and feed everything you learn in the field back into the product so Pensar keeps getting sharper as a pentesting platform.

This role is customer-facing by design. The ideal candidate is equally comfortable in a terminal popping shells with Apex, on a Zoom with a CISO walking through findings, and in a design review arguing for the next product capability.

Key Responsibilities

Customer Engagements & Forward Deployed Work

• Run end-to-end pentest engagements for customers using Apex, our open source offensive security tool
• Curate, triage, and contextualize findings for customer audiences ranging from engineers to executives
• Deliver clear, prioritized write-ups and walk customers through results, exploitation paths, and remediation
• Set up and configure the Pensar platform inside customer environments, including integrations and workflows
• Act as a trusted technical partner for customers throughout onboarding, engagements, and ongoing usage
• Travel to customer sites as needed for kickoffs, readouts, and on-site testing

Offensive Security Research

• Conduct original offensive security research across web, cloud, infrastructure, and AI/LLM attack surfaces
• Develop new exploitation techniques, payloads, and tooling that extend Apex's capabilities
• Build automated testing methodologies for emerging vulnerability classes and attacker tradecraft
• Track the evolving threat landscape and translate it into concrete detections and capabilities

Open Source Security Research

• Lead vulnerability research across high-impact open source projects and ecosystems
• Verify findings, build proof-of-concept exploits, and coordinate responsible disclosure with maintainers
• Contribute patches, advisories, and tooling back to the open source community
• Grow Pensar's reputation in the security research community through publications, talks, and contributions

Product Feedback & Pentesting Roadmap

• Translate firsthand engagement experience into concrete recommendations for the product roadmap
• Partner with engineering and product on capabilities, UX, and automation that make pentesting faster and more reliable
• Participate in architecture and design reviews with a focus on the pentester's workflow
• Help shape Apex's direction as an open source project alongside the internal platform

Compensation

• Base salary: $120,000 – $175,000per year, depending on experience
• Meaningful equity in an early-stage offensive security company
• Final offers calibrated to depth of offensive security experience, the breadth of your research record, and the level you join at

Reports To

CEO / CTO

We are an equal opportunity employer committed to diversity and inclusion. We welcome applications from all qualified candidates regardless of race, gender, age, religion, sexual orientation, or disability status.

Requirements

• 5+ years of experience in offensive security, pentesting, red teaming, or vulnerability research

• Strong programming skills in multiple languages (Python, Go, JavaScript, C/C++)
• Deep, hands-on understanding of modern vulnerability classes across web, cloud, and infrastructure
• Proven track record of running pentest engagements end-to-end and delivering findings to customers
• Excellent customer-facing communication skills — comfortable presenting to both engineers and executives
• Experience contributing to or maintaining open source security tooling
• Bachelor's degree in Computer Science, Cybersecurity, or related field, or equivalent experience

Preferred Qualifications

• Experience with AI/LLM-assisted offensive security or building security automation on top of LLMs
• Prior Forward Deployed Engineer, solutions engineering, or consulting experience at a security or developer tools company
• Security certifications (OSCP, OSCE, OSWE, GXPN, or equivalent)
• Public security research, CVEs, conference talks, or notable open source contributions
• Experience with cloud security (AWS, GCP, Azure) and containerized environments
• Familiarity with compliance frameworks (SOC 2, ISO 27001, PCI DSS) as they relate to pentesting

Benefits

• Comprehensive health, dental, and vision insurance

• Direct ownership of customer engagements and offensive research at an early-stage security company
• Professional development budget for conferences, training, and certifications
• Support for publishing research and presenting at industry conferences
• Direct, visible impact on both our open source tooling and commercial platform