Security Engineer – Red Team & Offensive Security

2 Months ago • 3-6 Years • Cyber Security

Job Summary

Job Description

The Security Engineer - Red Team & Offensive Security role at Sitecore involves leading and managing penetration testing, vulnerability management, bug bounty coordination, and code security initiatives. The engineer will work closely with product engineering teams, security stakeholders, and external partners to identify, assess, and drive the remediation of vulnerabilities. The role requires expertise in threat actors, modern attack vectors, and best practices for secure application and infrastructure design. Responsibilities include managing penetration testing, vulnerability management using Wiz, code security via Wiz Code, bug bounty program coordination, attack surface management, threat intelligence, and cross-team collaboration. This position requires strong communication skills and the ability to present technical concepts to non-technical audiences.
Must have:
  • 3-6 years of experience in application security or red team operations.
  • Hands-on experience with security tools and scripting for automation.
  • Familiarity with OWASP Top 10 and cloud-native security.
  • Strong understanding of vulnerability management lifecycle.
Good to have:
  • Experience managing or participating in bug bounty programs.
  • Security certifications such as OSCP, GWAPT, GPEN, or CEH.

Job Details

About The Role:

Sitecore is seeking a proactive and technically skilled Security Engineer with a focus on Red Team and offensive security operations. This role will support security testing and hardening efforts across Sitecore’s cloud-native and SaaS products by leading and managing penetration testing, vulnerability management, bug bounty coordination, and code security initiatives.

The engineer will work closely with product engineering teams, security stakeholders, and external partners to identify, assess, and drive the remediation of vulnerabilities. The ideal candidate should be deeply familiar with threat actors, modern attack vectors, and best practices for secure application and infrastructure design.

Key Responsibilities:

Penetration Testing & Red Team Operations

  • Own and manage the penetration testing calendar across products and infrastructure.
  • Coordinate with external partners for scheduled and ad-hoc security testing.
  • Analyze and triage findings, produce detailed test reports, and follow up on remediation efforts.

Vulnerability Management (Wiz)

  • Perform regular scanning and analysis using Wiz for cloud and infrastructure vulnerabilities.
  • Prioritize findings based on risk, exploitability, and business impact.
  • Track and report on remediation progress across teams and ensure compliance with internal SLAs.

Code Security (Wiz Code)

  • Work with development teams to integrate secure coding practices and manage static analysis via Wiz Code.
  • Review and triage security findings in application code, guiding engineering teams on remediations.

Bug Bounty Program (HackerOne)

  • Coordinate Sitecore’s Bug Bounty Program with HackerOne, reviewing reports, validating findings, and managing triage workflows.
  • Collaborate with researchers and internal stakeholders to assess and resolve reported vulnerabilities.

Attack Surface Management

  • Continuously monitor Sitecore’s external and internal attack surface.
  • Proactively identify exposed assets, misconfigurations, or gaps that may lead to exploitation.

Threat Intelligence & Security Research

  • Stay current with evolving threat landscapes, vulnerabilities (CVEs), and TTPs (Tactics, Techniques, and Procedures).
  • Share intelligence and recommendations with internal teams to strengthen defenses and design.

Cross-Team Collaboration & Reporting

  • Work closely with Engineering, Cloud, and Product Security teams to share findings, improve visibility, and reduce exposure.
  • Maintain detailed documentation, dashboards, and status reports on open vulnerabilities, tracking remediation timelines and SLAs.

What You Need to Succeed:

  • 3–6 years of experience in application security, penetration testing, or red team operations.
  • Hands-on experience with tools like Wiz, Wiz Code, Burp Suite, Nmap, Metasploit, and scripting for automation.
  • Familiarity with OWASP Top 10, cloud-native security (Azure, AWS), and container security best practices.
  • Strong understanding of vulnerability management lifecycle, secure SDLC, and offensive security techniques.
  • Experience managing or participating in bug bounty programs is a strong plus.
  • Security certifications such as OSCP, GWAPT, GPEN, or CEH are a plus.
  • Excellent written and verbal communication skills with the ability to present technical concepts to non-technical audiences.

Work Conditions

  • Based in KL, with working hours aligned to U.S. Central or Eastern time zones.
  • Occasional after-hours availability may be required for coordinating tests or responding to time-sensitive findings.
  • Requires close collaboration with globally distributed engineering and security teams.

Why you should click ‘Apply’:

  • Great team and company culture! You can find out more about our company culture and our commitment to creating a diverse and inclusive workplace on our YouTube Channel.
  • Thanks to the work of every employee globally, Sitecore has been recognized for award-winning Culture by Comparably.
