Offensive Security Engineer
Listed on 2026-06-16
-
IT/Tech
Cybersecurity
Description
About Us: Run Buggy is the most technically advanced automotive logistics platform on the market. Period.
Backed by Porsche Ventures and Hearst Ventures, Run Buggy is transforming the way cars move. Our cutting‑edge technology is trusted by some of the largest OEMs, captive finance companies, and automotive lenders in the world to streamline vehicle transportation at scale.
Run Buggy’s end‑to‑end platform connects car shippers and haulers in real time – eliminating the friction of traditional load boards and costly custom software. For shippers, Run Buggy integrates directly into existing management systems, reducing transportation costs and accelerating delivery timelines. For transporters, we offer a smarter, more profitable way to find, accept, and manage loads – all from a single app.
Since launching in 2019, Run Buggy has grown to over 190 team members, facilitated the movement of hundreds of thousands of vehicles, and attracted tens of thousands of transporters across the U.S.
We’re not just building a better logistics platform – we’re redefining the future of automotive transportation.
About the Role: The Offensive Security Engineer is a hybrid role combining hands‑on penetration testing, adversary simulation, and security engineering. This position is responsible for proactively identifying, exploiting, and validating vulnerabilities while also partnering with engineering teams to design, implement, and improve security controls across the environment.
This position reports to our Cybersecurity Manager and is a hybrid role (3 days in office per week).
What You Will Be Doing:
- Leverage components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), and cloud providers (AWS), and give hardening suggestions.
- Conduct offensive security engagements, including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both internal and external-facing systems.
- Plan and execute black‑box, grey‑box, and white‑box web application penetration tests against Run Buggy production and staging environments.
- Maintain tooling (Burp, Metasploit, C2 frameworks, custom scripts) for exploitation, detection validation, and security assessments.
- Conduct API security testing (REST, GraphQL) including authentication bypass, injection, broken object‑level authorization (BOLA/IDOR), and business logic flaws.
- Perform cloud configuration reviews (AWS) and assess infrastructure‑level exposure where it intersects with web application attack surfaces.
- Produce clear, risk‑ranked findings reports with reproducible proof‑of‑concept and actionable remediation guidance for both technical and non‑technical audiences.
- Collaborate with engineering to validate fixes and re‑test remediated vulnerabilities.
- Perform social engineering exercises (phishing, credential harvesting), where applicable.
- Contribute to bug bounty triage, third‑party assessment coordination, and security tooling selection.
- Support compliance efforts (SOC 2, PCI DSS) by providing evidence and attestation tied to pen test scope and outcomes.
- Stay current on emerging attack techniques and translate threat intelligence into test cases relevant to Run Buggy’s stack.
- Other duties as assigned.
Skills and Experience:
- Bachelor’s degree in Cybersecurity or related field required.
- 3+ years of hands‑on web application penetration testing experience in a professional or consulting capacity.
- Passion and demonstrated experience for challenging security assumptions.
- Deep familiarity with MITRE ATT&CK, OWASP Top 10, OWASP API Security Top 10, and OWASP Top 10 for LLMs.
- Proficiency with standard tooling: Burp Suite, OWASP ZAP, Nmap, Metasploit, SQLmap, Nikto.
- Demonstrated ability to exploit and document authentication/authorization flaws, injection vulnerabilities, XXE, SSRF, deserialization issues, and insecure direct object references.
- Strong written communications: findings reports must be usable by both developers and executives.
- Experience testing RESTful and/or GraphQL APIs.
- Experience with AWS…