Offensive Security Lead

 Posted 4 hours ago
     
5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Lead the offensive security strategy and program, conducting hands-on penetration testing and red-team exercises across mobile, web, and cloud environments. Collaborate with engineering and risk teams to remediate vulnerabilities and improve the overall resilience of the financial platform.

Your application and all hiring communication for this role run through the Techy Recruiter team.

About Ajaib

Ajaib is an Indonesian investment platform helping people access and manage investments across stocks, crypto, and U.S. stocks. As the platform continues to grow, protecting our customers, products, and technology is fundamental to maintaining trust.

We’re looking for an Offensive Security Lead to identify weaknesses before attackers do and help strengthen security across our applications, infrastructure, cloud environments, and internal systems.

The role

You’ll lead Ajaib’s offensive security programme and take a hands-on role in testing the resilience of our technology.

You’ll design and execute penetration tests, red-team exercises, adversary simulations, and security assessments across mobile applications, APIs, backend services, cloud infrastructure, and corporate environments.

You’ll work closely with application security, engineering, infrastructure, incident response, and risk teams to turn findings into meaningful improvements. This role requires strong technical depth, sound judgement, and the ability to communicate complex attack paths clearly to both technical teams and senior leaders.

What you’ll do

  • Define and lead Ajaib’s offensive security strategy, roadmap, and testing programme

  • Conduct hands-on penetration testing across mobile applications, web applications, APIs, backend services, cloud environments, and internal systems

  • Plan and execute red-team exercises and adversary simulations based on realistic threat scenarios

  • Identify complex attack paths across applications, infrastructure, identity systems, and third-party integrations

  • Test authentication, authorisation, session management, account recovery, transaction flows, and customer-protection controls

  • Perform security assessments of new products, features, architectures, and high-risk integrations

  • Evaluate the effectiveness of security controls, monitoring, detection, and incident-response capabilities

  • Partner with engineering and security teams to validate remediation and confirm that vulnerabilities are fully resolved

  • Provide clear, practical remediation guidance that helps teams reduce risk without slowing delivery

  • Develop custom testing tools, scripts, payloads, and automation to improve offensive-security coverage

  • Coordinate external penetration tests, specialist assessments, and independent security reviews

  • Support responsible-disclosure and bug-bounty activities, including triage, validation, and remediation tracking

  • Create high-quality reports that explain technical findings, business impact, attack scenarios, and recommended actions

  • Define offensive-security metrics, testing standards, and risk-prioritisation methods

  • Mentor offensive-security engineers and help grow the team’s technical capability

  • Share attack trends, lessons learned, and defensive recommendations with security and engineering teams

  • Stay current with emerging vulnerabilities, attacker techniques, exploitation methods, and threats affecting financial platforms

What you bring

  • Strong experience in penetration testing, red teaming, offensive security, or security research

  • Experience leading offensive-security engagements or mentoring security professionals

  • Deep technical knowledge of web, mobile, API, cloud, infrastructure, and identity security

  • Hands-on experience identifying and exploiting complex vulnerabilities and chained attack paths

  • Strong understanding of common application and infrastructure weaknesses, including the OWASP Top 10 and OWASP API Security Top 10

  • Experience testing authentication, authorisation, access control, cryptography, transaction flows, and business logic

  • Strong knowledge of network protocols, operating systems, cloud environments, containers, and modern application architectures

  • Experience with manual testing techniques as well as offensive-security tools and frameworks

  • Ability to write scripts or tools in languages such as Python, Go, JavaScript, or Bash

  • Experience producing clear technical reports and presenting risk to engineering leaders and senior stakeholders

  • Strong understanding of responsible testing practices, rules of engagement, and safe exploitation

  • Ability to balance technical depth with business context and risk prioritisation

  • Strong written and spoken English

Nice to have

  • Previous experience within fintech, banking, brokerage, payments, investment, or cryptocurrency platforms

  • Experience testing Android and iOS applications

  • Experience with AWS, Google Cloud, or another major cloud platform

  • Familiarity with Kubernetes, containers, service meshes, and cloud-native architectures

  • Experience with adversary emulation frameworks and threat-informed testing

  • Experience running purple-team exercises with detection and incident-response teams

  • Knowledge of fraud, account takeover, identity abuse, transaction manipulation, and financial-platform attack patterns

  • Experience managing bug-bounty or responsible-disclosure programmes

  • Security certifications such as OSCP, OSEP, OSWE, CRTO, GXPN, or equivalent

  • Public security research, vulnerability disclosures, conference presentations, or contributions to security tools

Why join

  • High-impact ownership: shape and lead offensive security for a growing financial platform

  • Hands-on technical work: test real-world systems across mobile, APIs, cloud, identity, and infrastructure

  • Meaningful mission: help protect customers, investments, personal data, and financial transactions

  • Real influence: work directly with engineering and security teams to drive measurable improvements

  • Challenging attack surface: assess complex products spanning stocks, crypto, and U.S. investment services

  • Leadership opportunity: build offensive-security standards, mentor the team, and strengthen Ajaib’s security culture

Notes to Applicants

A few things worth knowing before you apply:

Interviews may include technical, leadership, and offensive-security scenario discussions. You may be asked to explain an attack path, assess an architecture, review a vulnerability, or describe how you would plan and safely execute a red-team exercise.

Please do not include confidential information, customer data, source code, exploit details, security findings, or proprietary information from current or previous employers during the interview process.

If you need accommodations at any stage of the recruitment process, please let us know in your application.

About Techy Recruiter
Techy Recruiter is a boutique hiring partner for startups and scaleups across Europe and the Gulf. We run searches end to end and care about a clear, fair process for every person who applies.

Equal opportunity
We assess people on merit. All applicants are welcome regardless of background, and we do not discriminate on any basis protected by law.

Your data
We treat your information as confidential and use it only for this hiring process.

Similar Jobs

See all Remote Others jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Others

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified