Offensive Security is a Team Sport
We're a small, senior team of offensive security practitioners. We don't hire for headcount — we hire when we find someone exceptional. If you operate at a level where you're frustrated by what passes for penetration testing elsewhere, we should talk.
The Principles That Define Us
Practitioners, Not Vendors
Everyone on our team does the work. No account managers, no project coordinators between you and the client. You scope, you test, you report — and you own the outcome.
Research Driven
We allocate dedicated time for original research. CVE discovery, tool development, and conference presentations are part of the job — not something you do on weekends.
No Checkbox Mentality
We don't run automated scanners and call it a penetration test. Every engagement is manually executed by senior practitioners. If you want to do real offensive security, this is the place.
Remote-First
Our team operates globally. We collaborate asynchronously, document thoroughly, and trust each other to deliver. We don't track hours — we measure results.
Who We're Hiring
Senior Red Team Operator
Full-time · Remote
We're looking for a senior red team operator with experience in full-scope adversary simulation. You'll lead engagements, develop custom tooling, and contribute to our research pipeline. CRTO, OSCP, or equivalent certifications expected.
Requirements
- 3+ years of red team or offensive security experience
- Proficiency in custom C2 infrastructure and payload development
- Active Directory and cloud environment attack experience
- Strong technical writing — reports you'd be proud to sign your name to
Vulnerability Researcher
Full-time · Remote
Join our CVE discovery team. You'll perform original vulnerability research against commercial products and open-source software — from reverse engineering to PoC development and coordinated disclosure.
Requirements
- Experience in binary analysis, fuzzing, or web vulnerability research
- Track record of CVE discovery or bug bounty findings
- Proficiency in Python, C, or Go
- Familiarity with coordinated disclosure processes
Web Application Penetration Tester
Full-time · Remote
Manual penetration testing of web applications, APIs, and cloud environments. You'll work across financial services, healthcare, and technology clients — finding vulnerabilities that matter, not just what scanners flag.
Requirements
- 2+ years of web application penetration testing
- Deep knowledge of OWASP Top 10 and API Security Top 10
- Experience with GraphQL, OAuth, and modern authentication
- OSCP, BSCP, or equivalent certification
Don't see a role that fits? Send your CV and a note on what you do best to careers@offcept.com.
