Offensive Security Engineer

Offensive Security Engineer

About ABFinance ABFinance is a US-based firm building and enabling digital finance for the future. Their vision is to create a full financial ecosystem where digital assets, traditional finance, and everyday money management live in one seamless experience, made available to everyone. Founded by a team of innovators, traders, and compliance professionals, ABFinance's mission is to bring the emerging world of digital assets to everyone. Their flagship product is a secure, regulated crypto exchange building trading tools for both retail and institutional clients—including spot trading and yield generation products with a focus on compliance and security. Role Overview We are seeking a Red Team / Offensive Security Engineer to simulate real-world attacks against our crypto exchange platform, infrastructure, and internal systems. This role will proactively identify security weaknesses across applications, APIs, cloud environments, and blockchain-related components before adversaries do. You will work closely with security engineering, infrastructure, and development teams to continuously improve the organization's security posture through offensive testing and adversary emulation. Key Responsibilities Managing company bug bounty programs, reviewing reports, engaging with researchers and cooperating with software engineering to identify and remediate security weaknesses. Reviewing the outcomes of external penetration tests, replicating issues and again, working with engineering to fix findings. Conducting internal penetration tests on our software and infrastructure stack, including Web, API, and mobile applications, etc. Red and purple team exercises to examine our intrusion detection capability. Security research & threat Intelligence, working with security vendors. Performing risk assessment of blockchain-related components, including wallets, signing systems, and custody services. Working with engineering teams to validate vulnerability remediation. Required Qualifications 5+ years of experience in offensive security / penetration testing / red teaming. Strong knowledge of Operating Systems, Networking, and Cloud Infrastructure. Experience with scripting or coding (Python, Go, Bash, etc.). Deep understanding of OWASP Top 10 and MITRE ATT&CK. Preferred Qualifications Experience with crypto exchanges, blockchain, or Web3 infrastructure. Experience testing wallet systems, custody infrastructure, or key management systems. Familiarity with cloud environments (AWS/GCP/Azure). Knowledge of Kubernetes and container security. Security certifications such as: OSCP/OSEP/OSWE/CRTO/GPEN