Staff Offensive Security Engineer

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family’s future. Kids and teens learn to earn, save, spend wisely, and invest. 

 

At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It’s no small task, and that’s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it.

The Security team at Greenlight is a group of mission-driven engineers dedicated to building a world-class security program. We don’t just find bugs; we partner with engineering teams to design resilient systems. As a Staff Offensive Security Engineer, you will be a technical leader within the organization, driving the strategy for how we identify, simulate, and mitigate advanced threats.

The Security team at Greenlight is a group of mission-driven engineers dedicated to building a world-class security program. We don’t just find bugs; we partner with engineering teams to design resilient systems. As a Staff Offensive Security Engineer, you will be a technical leader within the organization, driving the strategy for how we identify, simulate, and mitigate advanced threats.

Lead Technical Strategy: Define the long-term vision for offensive security at Greenlight, moving beyond point-in-time testing to continuous security validation.

Red Teaming & Adversary Simulation: Design and execute complex, multi-stage adversary simulations targeting our cloud infrastructure (AWS), mobile applications (iOS/Android), and internal corporate environments.

Vulnerability Research: Conduct deep-dive research into high-risk areas of our ecosystem, identifying zero-day vulnerabilities or sophisticated logic flaws that automated tools miss.

Pave the "Golden Path": Partner with DevOps and Engineering to build automated security guardrails and "self-healing" infrastructure that prevents common attack vectors from being introduced.

Incident Response Support: Work closely with the Detection and Response team to improve our monitoring capabilities by performing "purple team" exercises to validate alert coverage.

Mentorship: Act as a force multiplier by mentoring senior and mid-level engineers, fostering a culture of security-minded development across the entire R&D organization.

Expert-level Offensive Skills: 8+ years of experience in offensive security, red teaming, or penetration testing, with a proven track record of uncovering critical vulnerabilities in complex environments.

Cloud Native Expertise: Deep understanding of AWS security architecture, including IAM bypass techniques, container escapes (Kubernetes), and serverless security.

Application Security Depth: Experience with manual code review (Node.js, Python, or Go) and bypass techniques for modern web and mobile security controls.

Automation Mindset: Ability to script in Python, Bash, or Go to automate exploitation chains or integrate security testing into CI/CD pipelines.

Strategic Communication: The ability to translate complex technical risks into business impact for executive stakeholders while remaining a trusted peer to software engineers.

Relevant Certifications (Optional but valued): OSCP/OSCE, GXPN, or equivalent demonstration of deep technical skill.

An Ethical Hacker at Heart: You are curious, persistent, and think outside the box to find ways around traditional security controls.

A Collaborative Partner: You believe that "breaking things" is only half the job; the real value is in helping the team build them back stronger.

Owner Mindset: You take pride in your work and feel a deep sense of responsibility for the safety of our families and their finances.