Staff Offensive Security Engineer at Greenlight

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest.    At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it. The Security team at Greenlight is a group of mission-driven engineers dedicated to building a world-class security program. We don’t just find bugs; we partner with engineering teams to design resilient systems. As a Staff Offensive Security Engineer, you will be a technical leader within the organization, driving the strategy for how we identify, simulate, and mitigate advanced threats. What you will be doing: • Lead Technical Strategy: Define the long-term vision for offensive security at Greenlight, moving beyond point-in-time testing to continuous security validation. • Red Teaming & Adversary Simulation: Design and execute complex, multi-stage adversary simulations targeting our cloud infrastructure (AWS), mobile applications (iOS/Android), and internal corporate environments. • Vulnerability Research: Conduct deep-dive research into high-risk areas of our ecosystem, identifying zero-day vulnerabilities or sophisticated logic flaws that automated tools miss. • Pave the "Golden Path": Partner with DevOps and Engineering to build automated security guardrails and "self-healing" infrastructure that prevents common attack vectors from being introduced. • Incident Response Support: Work closely with the Detection and Response team to improve our monitoring capabilities by performing "purple team" exercises to validate alert coverage. • Mentorship: Act as a force multiplier by mentoring senior and mid-level engineers, fostering a culture of security-minded development across the entire R&D organization. What you should bring: • Expert-level Offensive Skills: 8+ years of experience in offensive security, red teaming, or penetration testing, with a proven track record of uncovering critical vulnerabilities in complex environments. • Cloud Native Expertise: Deep understanding of AWS security architecture, including IAM bypass techniques, container escapes (Kubernetes), and serverless security. • Application Security Depth: Experience with manual code review (Node.js, Python, or Go) and bypass techniques for modern web and mobile security controls. • Automation Mindset: Ability to script in Python, Bash, or Go to automate exploitation chains or integrate security testing into CI/CD pipelines. • Strategic Communication: The ability to translate complex technical risks into business impact for executive stakeholders while remaining a trusted peer to software engineers. • Relevant Certifications (Optional but valued): OSCP/OSCE, GXPN, or equivalent demonstration of deep technical skill. Who you are: • An Ethical Hacker at Heart: You are curious, persistent, and think outside the box to find ways around traditional security controls. • A Collaborative Partner: You believe that "breaking things" is only half the job; the real value is in helping the team build them back stronger. • Owner Mindset: You take pride in your work and feel a deep sense of responsibility for the safety of our families and their finances. Who we are: It takes a special team to aim for a never-been-done-before mission like ours. We’re looking for people who love working together because they know it makes us stronger, people who look to others and ask, “How can I help?” and then “How can we make this even better?” If you’re ready to roll up your sleeves and help create a world where every child grows up to be happy and healthy in money and life, apply to join our team.    Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law.   Greenlight is committed to an inclusive work environment and interview experience. If you require reasonable accommodations to participate in our hiring process, please reach out to your recruiter directly or email [Upgrade to PRO to see contact].