This job posting is currently inactive. Check out other active jobs at NodeRisk.

Associate Engineer - Offensive Security

NodeRisk
Full-time, India

NodeRisk is hiring an Associate Engineer – Offensive Security to support our penetration testing and adversary simulation engagements across web, API, cloud, mobile, and infrastructure environments.

This role is ideal for an early-career offensive security professional with hands-on pentesting exposure, strong technical curiosity, and the ability to contribute to real client assessments while working alongside senior security consultants and our AI-driven continuous pentesting platform.

Key Responsibilities

Penetration Testing & Assessments

  • Conduct Web Application Penetration Tests focusing on OWASP Top 10, access control flaws, IDORs, injection vulnerabilities, and authentication weaknesses.
  • Perform API Security Testing including OAuth/JWT validation, authorization bypasses, and abuse case testing.
  • Support Network & Infrastructure Pentesting including service enumeration, exploitation validation, and secure configuration review.
  • Assist in Cloud Security Assessments (AWS/Azure) covering IAM issues, exposed assets, and misconfigurations.
  • Participate in controlled exploitation and post-exploitation activities under defined rules of engagement.

Reporting & Communication

  • Document findings clearly with strong technical evidence, impact explanation, and remediation guidance.
  • Contribute to professional client-ready deliverables including vulnerability reports and executive summaries.
  • Communicate effectively with internal teams and support remediation discussions where required.

Required Skills & Qualifications

  • 1–2 years of experience (or equivalent hands-on exposure) in penetration testing, AppSec, or offensive security.
  • Strong understanding of:
      • Web protocols (HTTP/S, cookies, sessions)
      • Authentication & authorization models
      • OWASP Top 10 and common exploitation patterns
  • Familiarity with industry-standard tools
  • Comfortable working in Linux environments and writing basic scripts.

Preferred Qualifications (Nice to Have)

  • Experience with bug bounty platforms (HackerOne, Bugcrowd, Intigriti, YesWeHack, etc.).
  • Knowledge of Active Directory attack paths (Kerberoasting, NTLM relays, privilege escalation).
  • Exposure to mobile security testing or cloud pentesting.
  • Programming ability in: Python, Bash, JavaScript
  • Certifications (bonus): eJPT, PNPT, OSCP+, Security+

What We Offer

  • Work on real-world pentests across enterprise environments.
  • Mentorship from senior offensive security engineers.
  • Opportunity to contribute to AI-assisted pentesting innovation (Strike7 / NodeRisk).
  • Fast growth path into Consultant / Senior Offensive Security roles.
  • Exposure to modern red teaming and continuous security testing approaches.

Role Details

  • Title: Associate Engineer – Offensive Security
  • Location: Remote / Hybrid
  • Employment Type: Full-time
  • Start: Immediate

How to Apply

Share your CV along with any of the following (strong plus):

  • GitHub tools/scripts
  • HTB/THM profile
  • Writeups or research work
