Senior Offensive Security Specialist

Be among the first 25 applicants The Bullish Offensive Security and Vulnerability Management (OSVM) team provides Bullish Global with the capabilities to ensure that our products and services are secure and meet the security obligations expected by our customers and regulators. The OSVM team helps to secure all of Bullish Global, which includes the Bullish Exchange, CoinDesk, and CCData. The OSVM team regularly performs manual security assessments and penetration testing across a variety of technologies, source code reviews, vulnerability remediation support, automated security testing, security tool development, and red‑teaming. We are seeking a Senior Offensive Security Specialist to join our Offensive Security team to help secure Bullish Global. In this exciting role, you will be a key player within an elite security team delivering industry‑leading Crypto services. This role will work closely with product and engineering teams to deliver secure software. This work will include delivering a wide range of security capabilities across a modern technology stack. This role will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The ideal candidate will be a mix of hacker, programmer, and security enthusiast who has a special passion for the unique promise and challenge of a dynamic environment working with a variety of products and teams. Responsibilities Perform mobile and API penetration testing. Support project tasks and deadlines for engineering teams spanning multiple time zones. Create unique tools to assist in scaling the security program. Exploit vulnerabilities found in product systems and clearly communicate complex vulnerabilities to both technical and non‑technical staff. Create detailed technical reports explaining technical and business risk of the vulnerabilities found to include actionable recommendations/considerations. Provide technical leadership/mentorship to the security and engineering teams. Writing new tools and automation. Other duties as assigned. Required skills and experience 5+ years of relevant experience in cyber security. Bachelor’s Degree in Computer Science or related field. Experience in performing senior‑level penetration testing and application security assessments, conducting design code reviews, applying offensive security methodologies, and demonstrating high ethical standards. Familiarity with attack tools such as Burp Suite, Nessus, Kali Linux and similar tools. Knowledge of common attacks and vulnerabilities including OWASP Top 10 and SANS CWE 25. Exposure to and understanding of various security assessment activities including Mobile application assessments (iOS and Android), web Services API assessments (examples: REST, GraphQL and Message Queues), and hardware/embedded systems. Ability to effectively assess risks and severity and communicate vulnerability impact to management and engineering teams. Solid understanding of network and protocol basics including IP, DNS, HTTP and SSL/TLS. Familiarity with basic cryptographic concepts including PKI, cryptographic algorithms, application of cryptography for encryption at rest and in motion. Solid understanding and experience with software development practices across larger organizations, Agile fundamentals, Continuous Integration/Testing/Delivery tools and techniques, and familiarity with scanning and intelligence tools, including Vulnerability Management, SAST, DAST, OSA, and API traceability. Experience with public cloud concepts, architectures and tools (AWS, Azure and/or GCP). Proficiency with basic Linux systems privilege and permission models, admin and operational concepts, and basic scripting. Holder of Application Security and Penetration Testing certifications such as OSCP, OSCE or OSWE; other Information and Cyber Security certifications Inhouse and third party penetration testing experience. Bonus Strong self‑starter who has the ability to operate independently. Possess restlessness and desire to break into things. Developed communications skills with ability to deliver concepts effectively to non‑technical audience including senior leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance. Experience of external communications including papers and conference presentations. Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology #J-18808-Ljbffr