Offensive Security Engineer (Security Penetration Tester)

Post Date

May 06, 2026

Location

Austin, Texas

ZIP/Postal Code

78729
US
Jul 05, 2026 Insight Global

Job Type

Contract

Category

Security Engineering

Req #

AUS-9de11472-7b69-480c-9f4a-dd8d176561bf

Pay Rate

$43 - $54 (hourly estimate)

Job Description

An Insight Global client is currently looking for an offensive security engineer to join their team. This person will:
• Conduct hands-on penetration testing across web applications, APIs, cloud infrastructure, and SaaS platforms
• Review, reproduce, validate, and triage customer‑submitted penetration test findings
• Perform black box, grey box, and white box assessments based on scope and rules of engagement
• Execute cloud penetration testing in AWS & Azure, including:
○ Identity & access misconfigurations
○ Privilege escalation and lateral movement
○ Exposed services, data stores (e.g., S3), secrets, and key management
○ Serverless (Lambda), managed databases, and Kubernetes (EKS)
• Perform architecture reviews and threat modeling for SaaS and cloud services
• Review Infrastructure as Code (Terraform) and security pipelines for weaknesses
• Conduct manual, depth-driven testing beyond automated scan results
• Test AI/LLM-powered systems, including:
○ Jailbreaking and prompt injection
○ Instruction and privilege escalation testing
○ Data access and sensitive information disclosure
○ Validation of guardrails and safety controls
• Use tools such as Burp Suite, Kali Linux, and AI-enabled testing tools (Promptfoo, PyRIT, MCP-based tools)
• Author detailed penetration test reports, including:
○ Executive summaries
○ Technical findings
○ Risk scoring and remediation guidance
• Lead scoping conversations with internal teams, customers, and vendors (ROE, credentials, scope)
• Perform retesting and validation of remediated findings
• Support purple-team style testing, validating detective controls and providing feedback
• Complete multiple assigned penetration tests per sprint while handling ad-hoc customer requests and incident validation

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

• 5+ years of experience in offensive security / penetration testing
• Strong experience with web application and API security testing
• Hands-on cloud security testing experience in AWS and Azure
• Deep understanding of:
○ OWASP Top 10 (web)
○ API security risks
○ SaaS integration risks
• Experience conducting manual penetration testing (not scan-only)
• Experience validating and reproducing third-party pen test findings
• Familiarity with Terraform/IaC security reviews
• Strong technical writing skills for security reports and executive summaries

Nice to Have Skills & Experience

• AI/LLM security testing experience (jailbreaking, guardrail validation, prompt injection)
• Offensive security certifications (OSCP, OSWE, GXPN, OSEP, etc.)
• Experience with GraphQL API testing
• Kubernetes security testing experience
• SaaS platform security experience (Salesforce, GitLab, Microsoft 365)
• Purple team or detection validation experience
• Prior fintech, SaaS, or regulated-industry security experience

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.