Senior Product Security Engineer (Offensive)

Glocomms is partnered with a successful FinTech firm specializing in digital assets and blockchain infrastructure to support the search for a Senior Offensive Product Security Engineer. This is a hybrid role based in New York City, offering the opportunity to work on cutting-edge security challenges in a fast-paced, high-growth environment.

The ideal candidate is a seasoned Offensive Security professional with a strong engineering background. This role will be responsible for leading proactive security efforts across the organization's product suite, focusing on offensive security techniques to identify vulnerabilities, simulate adversarial behavior, and strengthen the overall security posture of the platform.

Key Responsibilities:

• Design and execute offensive security assessments, including penetration testing and red team operations.
• Collaborate with engineering and product teams to integrate security into the development lifecycle.
• Develop custom tooling and automation to support offensive security initiatives.
• Conduct threat modeling and architecture reviews for new and existing systems.
• Research emerging threats and contribute to the continuous improvement of internal security practices.
• Support incident response teams with adversary simulation and post-mortem analysis.
• Mentor junior team members and help shape the security culture across the organization.

Qualifications:

• 5+ years of experience in offensive security, red teaming, or penetration testing.
• Strong programming/scripting skills (e.g., Python, Bash) and experience building custom security tools.
• Deep understanding of application security, cloud infrastructure, and common vulnerability classes.
• Hands-on experience with tools such as Burp Suite, Metasploit, Cobalt Strike, and similar frameworks.
• Familiarity with blockchain technologies and smart contract security is a plus.
• Strong communication skills and ability to work cross-functionally.
• Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).

Additional Information:

Candidates must be based in the New York City area (or willing to relocate) and open to following a hybrid schedule - approximately three days per week onsite.

The company does not offer visa sponsorship for this position and cannot engage with C2C or C2H arrangements.