Security Engineer

Exfiltra is hiring a Security Engineer focused on security engineering, application security, cloud security, and penetration testing. This role is designed for practitioners who enjoy working deep in systems, code, and architecture—and who take pride in building and breaking real-world environments.

This is not a SOC or blue team role.

Experience Required: 6 months – 1 year

What You’ll Be Working On

• Application security assessments (Web, API, Mobile)
• Cloud security reviews and hardening (AWS, Azure, GCP)
• Infrastructure and application penetration testing
• Secure architecture design and implementation
• Threat modeling and security design reviews
• Collaborating closely with engineering teams to embed security into the SDLC
• Converting findings into clear, practical, engineering-focused remediation guidance

Required Skills & Experience

• Strong hands-on experience in application security and penetration testing
• Practical exposure to cloud security (AWS, Azure, or GCP)
• Ability to understand, review, and write code (e.g., Python, JavaScript, Go, Java, etc.)
• Solid understanding of:
• Web & API security vulnerabilities
• Authentication and authorization mechanisms
• Secure architecture patterns
• OWASP Top 10 and modern attack techniques
• Comfortable going beyond tools and automation—this is a security engineering role, not a checklist-based assessment role

Important: This position involves regular interaction with code and architecture. Candidates who are not comfortable with coding, debugging, or technical deep-dives may find this role unsuitable. Certifications (Relevant & Valued)

One or more of the following is strongly preferred:

• CPTS (Certified Penetration Testing Specialist)
• PNPT (Practical Network Penetration Tester)
• CRT (Certified Red Team)
• OSCP / OSWE or equivalent hands-on certifications

CREST certifications will be given strong preference

Additional Preference

• Open-source contributors (security tools, libraries, research, or write-ups)
• Candidates with a strong Capture The Flag (CTF) background, including platform-based or competitive CTF participation

Hiring Process

This role involves a multi-stage vetting process, designed to assess real-world skills and problem-solving ability.
Candidates should expect:

• Technical interviews
• Practical security discussions
• A CTF-style challenge as part of the evaluation

We take hiring seriously and evaluate depth, not buzzwords.

Who Should NOT Apply

• Candidates with SOC-focused or blue team-only backgrounds
• Professionals primarily seeking alert monitoring, SIEM operations, or IR-only roles

This role is engineering-driven, not operational monitoring.

How to Apply

Send your CV to: hr@exfiltra.com
Subject: Security Engineer

If you enjoy engineering secure systems, breaking insecure ones, and proving your skills through hands-on challenges, this role offers strong growth, autonomy, and meaningful impact at Exfiltra.

Job Type: Full-time

Application Question(s):

• What is your current salary?
• What are your salary expectations?
• What is your current notice period?

Work Location: In person