Description
About Firebolt
Firebolt is the Cloud Data Warehouse designed to handle the speed, scale, and flexibility of AI applications. By delivering ultra-low latency, high concurrency, multi-dimensional elasticity, and flexibility, Firebolt empowers organizations to build data-intensive AI applications that perform at scale. With over $270m in funding to date, a strong engineering team and highly experienced leadership, Firebolt is well positioned to revolutionize the AI data infrastructure space and help businesses unlock the full potential of their data.
Description:
At Firebolt, security is built into everything we do. As we scale our high-performance cloud data warehouse platform, we’re looking for an exceptional Offensive Security Engineer to join our Security Research team and proactively strengthen our product’s security posture.
You’ll play a critical role in developing advanced offensive tests, simulating real-world attacks, and integrating automated security workflows directly into our CI/CD pipelines. If you’re passionate about pushing the limits of offensive security and applying AI and LLMs to take things further—this is your chance to do just that.
Key Responsibilities:
- Perform comprehensive black-box and gray-box penetration tests on core product components including frontend UI, APIs, client-side drivers, and backend microservices.
- Build and maintain custom API fuzzers to identify logic flaws, crashes, and unexpected behaviors.
- Automate offensive tests and integrate them into CI/CD workflows for continuous validation.
- Apply AI/LLM techniques to enrich attack simulations, expand test coverage, and develop novel vectors.
- Document findings clearly with actionable countermeasures; collaborate with engineering teams on timely remediation.
Requirements:
- Strong experience with penetration testing of modern web apps and API frameworks (REST, gRPC, etc.).
- Deep understanding of browser security, client-side attacks, and mitigation strategies.
- Proficiency in Python or Golang with the ability to build robust offensive tooling.
- Experience with CI/CD pipeline security integrations.
- Familiarity with fuzzers (e.g., ffuf) and offensive tools like Burp Suite, OWASP ZAP.
- Practical exposure to at least one major cloud environment (AWS, GCP, Azure).
- Bonus: Experience using LLMs for offensive security tasks or research.