[Remote] Product Security (Vulnerability Research & Offensive Security) Engineer

Note: The job is a remote job and is open to candidates in USA. netPolarity, Inc. is seeking a Senior Product Security Engineer with a strong technical research background in vulnerability research and offensive security. The role focuses on proactively discovering and validating complex attack paths within the client product ecosystem, providing insights to enhance security measures and leverage AI-driven engineering.

Responsibilities

• Attack Path Discovery: Partner with Security Architects to identify and technically validate potential exploit sequences. You will engineer proofs-of-concept to demonstrate how individual vulnerabilities can be linked to create significant product exposure
• Impact Analysis: Perform deep-dive technical research to determine the exact “blast radius” of a vulnerability. You will be responsible for identifying exactly which products and versions are impacted and what specific data or services are at risk
• Proactive Defense: Translate offensive research into preventative measures, providing Engineering teams with the technical evidence and architectural guidance needed to implement robust, long-term mitigations
• AI-Enhanced Security Engineering: Explore and implement AI-driven automation to enhance our discovery and analysis capabilities. You will use emerging technologies to scale the identification of complex vulnerability patterns across the stack
• Technical Advocacy: Serve as a senior technical subject matter expert during high-stakes triage, helping stakeholders understand the practical reality of threat through evidence-based technical analysis and exploit modeling

Skills

• Technical Research Background: 6-9 years of experience in Product Security Engineering, Vulnerability Research, or Offensive Security, with a focus on deconstructing complex software systems
• Architectural Mindset: A talent for 'Attack Path Thinking', you can look at a complex architecture and identify how a minor logic flaw could lead to a major compromise
• Technical Depth: A strong understanding of software vulnerabilities (logic flaws, memory corruption, auth bypasses) and how they manifest in cloud-native and hybrid-cloud environments
• AI/ML Curiosity: Experience or a strong interest in using AI-driven tools to scale security engineering and automate the discovery of sophisticated vulnerability patterns
• Collaborative Inquiry: An ability to work as peer with Architects and Developers, using technical data and research to build consensus on remediation paths
• Experience with reverse engineering or high-level exploit development in a research-focused environment
• Familiarity with 'Graph-based' security analysis (mapping relationships between assets, permissions, and vulnerabilities)
• Contributions to the security community, such as tool development, technical whitepapers, or responsibility disclosed CVEs
• Experience in a distributed engineering environment where technical evidence is the primary driver of security prioritization

Benefits

• Job Location - San Jose, California - W2 role - 100% remote with 10 hours overtime/week allowed

Company Overview

Company H1B Sponsorship