Logo for Offchain Labs

Senior Security Engineer (Offensive)

Role overview

Qualifications

  • 5+ years of experience in offensive security, penetration testing, red teaming, or a closely related field.
  • Extensive experience with conducting code audits to identify and remediate security issues.
  • Experience with binary exploitation.
  • Strong programming skills in Python, Go, or similar languages, with proven experience developing tools or automation.

Responsibilities

  • Conduct comprehensive code audits across a variety of internal applications and infrastructure.
  • Conduct comprehensive penetration tests across cloud environments (AWS), infrastructure, and backend applications.
  • Collaborate with detection engineering, threat intelligence, and incident response groups to review security controls, uncover coverage gaps, and enhance overall detection quality.
  • Own offensive security projects from start to finish, mentor junior team members, and cultivate a culture of ongoing learning and knowledge exchange.

About the company

Offchain Labs logo

Offchain Labs

Computer Software / SaaS

Offchain Labs is researching and developing scaling solutions for Ethereum smart contracts.Arbitrum One and Nova are powered by Nitro, our proprietary technology stack. Nitro’s next-generation rollup architecture provides 7x more throughput than Ethereum and lower fees without sacrificing any security. Prysm is an official Ethereum proof-of-stake client written in Go. Both individuals and institutions can use Prysm to participate in Ethereum's decentralized economy by running a node and earn rewards by running a validator to help secure the Ethereum blockchain.Upcoming Stylus will enable users to deploy programs written in popular programming languages like Rust, C, C++, and more, side-by-side with existing Solidity dApps on the same Arbitrum blockchain.

Company details

Company typeStartup
IndustryComputer Software / SaaS
Company size11 - 50

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

At Offchain, we aren’t just building products: we’re leading a movement. 
 
As pioneers in blockchain scalability and security, we're at the forefront of transforming how the world interacts with decentralized applications. We're laying the foundation that will define the next generation of digital commerce, governance, and human interaction. This involves tackling real-world challenges that come with scaling blockchain technology, without compromising on its core principles: decentralization, security and transparency. 
 
At the center of this vision is our people. Our team is made up of thinkers and doers that embrace new challenges and seek solutions that push existing boundaries. If you’re energized by solving unprecedented problems, and believe in the role that decentralized systems will play in creating a more equitable digital future, then we want to hear from you. 
 
Why Offchain?
 
Offchain is setting the pace for the entire Ethereum ecosystem. We built the Arbitrum stack that powers Arbitrum One, the most widely adopted Ethereum scaling solution that exists today.
 
Arbitrum’s ecosystem is undergoing tremendous growth with hundreds of projects and dApps on Arbitrum One today. Over 100 different teams have used Offchain technology to build their own Arbitrum chains. Major players in the space, Robinhood, BlackRock, Ethena Labs, Securitize, Aave, and Apechain are all using the Arbitrum stack.
 
Arbitrum’s thriving ecosystem wouldn’t exist without our advanced technology stack. Arbitrum, Prysm, ZeroDev. These aren’t just product names. These are tools that are actively reshaping what's possible on Ethereum and advancing its core infrastructure.
 
To top it all off? We’re backed by $124 million in funding. We’ve demonstrated consistent execution with billions in secured value, thousands of supported projects, and infrastructure processing millions of transactions seamlessly.

The Role
  • As a Security Engineer at Offchain, you will emulate the real-world tactics, techniques, and procedures of sophisticated adversaries to surface vulnerabilities across our infrastructure and ecosystem tools.
  • You’ll run hands-on penetration tests, lead red team exercises, and work side-by-side with blue team partners to test, refine, and strengthen detection and response capabilities.
  • Your efforts will directly shape how Offchain designs, launches, protects, and achieves compliance for the infrastructure that powers millions of users and applications - including key standards such as SOC 2.

  • What you'll do:
  • Conduct comprehensive code audits across a variety of internal applications and infrastructure.
  • Conduct comprehensive penetration tests across cloud environments (AWS), infrastructure, and backend applications.
  • Collaborate with detection engineering, threat intelligence, and incident response groups to review security controls, uncover coverage gaps, and enhance overall detection quality.
  • Build, maintain, and evolve custom offensive tools, scripts, and automation frameworks to increase assessment speed.
  • Offer offensive security expertise during incident investigations, including log analysis and root cause reviews.
  • Keep up with evolving threats, vulnerabilities, and attack methods; share research internally and engage with the wider security community.
  • Own offensive security projects from start to finish, mentor junior team members, and cultivate a culture of ongoing learning and knowledge exchange.

  • What you'll need:
  • 5+ years of experience in offensive security, penetration testing, red teaming, or a closely related field.
  • Extensive experience with conducting code audits to identify and remediate security issues.
  • Experience with binary exploitation.
  • Mastery of AWS & specific attack techniques and configuration weaknesses.
  • Strong understanding of adversary tactics and frameworks like MITRE ATT&CK.
  • In-depth knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability categories.
  • Proficiency using offensive security tools such as Burp Suite, nuclei and similar frameworks.
  • Strong programming skills in Python, Go, or similar languages, with proven experience developing tools or automation.
  • Excellent written and verbal communication skills, with the ability to present complex technical details as clear, risk-focused recommendations.
  • A natural ability to think like an attacker - creative, determined, and skilled at assessing risk across complex systems.

  • Nice-to-haves
  • Web3 / blockchain security exposure: smart contract auditing, bug bounty hunting (e.g., Immunefi, Code4rena), or DeFi protocol review.
  • Familiarity with Ethereum L1 / L2 node architecture and security risks.
  • Experience in blockchain infrastructure penetration testing.
  • Attention Offchain Job Seekers:
     
    This role cannot be performed in California, or Colorado.
     
    Please be advised that there has been a rise in fraudulent recruiter activities, particularly within the Web3 space. If you would like to confirm whether someone is an Offchain employee or the legitimacy of an offer you received, please email jobs@offchainlabs.com
     
    At Offchain, we are committed to building a welcoming and supportive workplace for all employees, regardless of their background or identity. We strive to create an environment where everyone feels valued and has an equal opportunity to succeed and thrive. We encourage candidates from all walks of life to apply and join our team.

    Apply once. Then go straight to the hiring manager.

    After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

    MR

    Marcus Rivera

    Chief Revenue Officer

    m.rivera@company.com
    linkedin.com/in/marcusrivera
    Unlocked after you apply
    ·

    Security Engineer Related jobs

    Other jobs at Offchain Labs

    Premium

    Reach out to the hiring manager directly.

    Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

    • Full match report with fit score and gaps
    • Career diagnostics on how recruiters read you
    • Curated company matches and warm intros
    • 48h early access to new roles

    Cancel anytime.