Security Engineer – Red Team & Offensive Security

2 Weeks ago • 3-6 Years

Job Summary

Job Description

The Security Engineer - Red Team & Offensive Security role at Sitecore involves leading and managing penetration testing, vulnerability management, bug bounty coordination, and code security initiatives. The engineer will work closely with product engineering teams, security stakeholders, and external partners to identify, assess, and drive the remediation of vulnerabilities. The role requires expertise in threat actors, modern attack vectors, and best practices for secure application and infrastructure design. Responsibilities include managing penetration testing, vulnerability management using Wiz, code security via Wiz Code, bug bounty program coordination, attack surface management, threat intelligence, and cross-team collaboration. This position requires strong communication skills and the ability to present technical concepts to non-technical audiences.
Must have:
  • 3-6 years of experience in application security or red team operations.
  • Hands-on experience with security tools and scripting for automation.
  • Familiarity with OWASP Top 10 and cloud-native security.
  • Strong understanding of vulnerability management lifecycle.
Good to have:
  • Experience managing or participating in bug bounty programs.
  • Security certifications such as OSCP, GWAPT, GPEN, or CEH.

Job Details

Security Engineer – Red Team & Offensive Security

About The Role:

Sitecore is seeking a proactive and technically skilled Security Engineer with a focus on Red Team and offensive security operations. This role will support security testing and hardening efforts across Sitecore’s cloud-native and SaaS products by leading and managing penetration testing, vulnerability management, bug bounty coordination, and code security initiatives.

The engineer will work closely with product engineering teams, security stakeholders, and external partners to identify, assess, and drive the remediation of vulnerabilities. The ideal candidate should be deeply familiar with threat actors, modern attack vectors, and best practices for secure application and infrastructure design.

Key Responsibilities:

Penetration Testing & Red Team Operations

  • Own and manage the penetration testing calendar across products and infrastructure.
  • Coordinate with external partners for scheduled and ad-hoc security testing.
  • Analyze and triage findings, produce detailed test reports, and follow up on remediation efforts.

Vulnerability Management (Wiz)

  • Perform regular scanning and analysis using Wiz for cloud and infrastructure vulnerabilities.
  • Prioritize findings based on risk, exploitability, and business impact.
  • Track and report on remediation progress across teams and ensure compliance with internal SLAs.

Code Security (Wiz Code)

  • Work with development teams to integrate secure coding practices and manage static analysis via Wiz Code.
  • Review and triage security findings in application code, guiding engineering teams on remediations.

Bug Bounty Program (HackerOne)

  • Coordinate Sitecore’s Bug Bounty Program with HackerOne, reviewing reports, validating findings, and managing triage workflows.
  • Collaborate with researchers and internal stakeholders to assess and resolve reported vulnerabilities.

Attack Surface Management

  • Continuously monitor Sitecore’s external and internal attack surface.
  • Proactively identify exposed assets, misconfigurations, or gaps that may lead to exploitation.

Threat Intelligence & Security Research

  • Stay current with evolving threat landscapes, vulnerabilities (CVEs), and TTPs (Tactics, Techniques, and Procedures).
  • Share intelligence and recommendations with internal teams to strengthen defenses and design.

Cross-Team Collaboration & Reporting

  • Work closely with Engineering, Cloud, and Product Security teams to share findings, improve visibility, and reduce exposure.
  • Maintain detailed documentation, dashboards, and status reports on open vulnerabilities, tracking remediation timelines and SLAs.

 What You Need to Succeed:

  • 3–6 years of experience in application security, penetration testing, or red team operations.
  • Hands-on experience with tools like Wiz, Wiz Code, Burp Suite, Nmap, Metasploit, and scripting for automation.
  • Familiarity with OWASP Top 10, cloud-native security (Azure, AWS), and container security best practices.
  • Strong understanding of vulnerability management lifecycle, secure SDLC, and offensive security techniques.
  • Experience managing or participating in bug bounty programs is a strong plus.
  • Security certifications such as OSCP, GWAPT, GPEN, or CEH are a plus.
  • Excellent written and verbal communication skills with the ability to present technical concepts to non-technical audiences.

Work Conditions

  • Based in KL, with working hours aligned to U.S. Central or Eastern time zones.
  • Occasional after-hours availability may be required for coordinating tests or responding to time-sensitive findings.
  • Requires close collaboration with globally distributed engineering and security teams.
Why you should click ‘Apply’:  
  • Great team and company culture! You can find out more about our company culture and our commitment to creating a diverse and inclusive workplace, on our YouTube Channel.
  • Thanks to the work of every employee globally, Sitecore has been recognized for award-winning Culture by Comparably.   

Similar Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Skill Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Jobs in Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

Riyadh, Riyadh Province, Saudi Arabia (Hybrid)

Amsterdam, North Holland, Netherlands (On-Site)

London, England, United Kingdom (On-Site)

Germany (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

London, England, United Kingdom (On-Site)

Manchester, New Hampshire, United States (On-Site)

View All Jobs

Get notified when new jobs are added by sitecore

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug