Home › Companies › Plextrac › Offensive Security Engineer (Red Team)
Offensive Security Engineer (Red Team)
Plextrac · Remote · Active · BambooHR
Job facts
| Field | Value |
|---|---|
| Company | Plextrac |
| Title | Offensive Security Engineer (Red Team) |
| Normalized title | - |
| Department / team | Engineering |
| Location | India, India |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | - |
| Status | active |
| ATS provider | BambooHR |
| Posted / first seen | 2026-05-20 / 2026-05-30 |
| Changed / last seen | 2026-05-30 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Plextrac. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through BambooHR. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| Department jobs | Active postings in Engineering. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Plextrac |
| Source | 02b2b4e7-1f38-4847-851a-03f35835ddef |
| ATS provider | BambooHR |
Description
About PlexTrac
PlexTrac is a cybersecurity SaaS platform helping security teams streamline reporting, exposure management, and remediation workflows. Our platform is used by penetration testers, red teams, consultants, enterprises, and managed security providers to operationalize security findings and improve collaboration across technical and executive stakeholders.
We are a remote-first company headquartered in the United States with distributed team members across North America, Europe, and Asia. We are committed to ownership, transparency, practical problem-solving, and building products that customers genuinely rely on.
Why This Role Matters
We build security software that helps companies protect their data. To make our product stronger, we are looking for Offensive Security Engineers (Red Team) who think like attackers. You will find weaknesses before the bad guys do, report what you find clearly, and work with our engineering team to fix it. This is a hands-on role with real influence on how we build and ship securely.
Location: Remote — India only.
Responsibilities
Plan and execute red team engagements across our cloud infrastructure (AWS/GCP/Azure), internal networks, web applications, and SaaS product
Simulate realistic attack chains — from initial access through lateral movement, credential harvesting, privilege escalation and data exfiltration — using current threat actor techniques
Conduct assumed breach scenarios, purple team exercises, and objective-based engagements, not just point-in-time pen tests
Assess cloud-specific attack surfaces: IAM roles and policies, storage misconfigurations, serverless functions, container workloads, and CI/CD pipelines
Test Active Directory and hybrid identity environments for common and advanced attack paths
Perform web and API application testing against our core product, including authentication flaws, authorization bypasses, and business logic vulnerabilities
Build, customize, and maintain offensive tools, scripts, and C2 infrastructure to support engagements
Develop and manage red team infrastructure — attack servers, redirectors, phishing platforms, and operational security controls
Create and maintain repeatable testing methodologies and internal playbooks the team can use and build on
Evaluate and improve detection coverage by working closely with our blue team — identify what's being caught, what isn't, and why
Write detailed reports that document attack paths, evidence, business impact, and remediation steps — clearly enough that an engineer can act on them without follow-up questions
Present findings to both technical teams and non-technical stakeholders, including leadership
Track remediation progress and validate that fixes actually close the identified gaps — not just check a box
Help define the scope, methodology, and maturity of our red team program as we scale
Contribute to internal security standards, threat models, and secure design reviews
Mentor junior team members and support knowledge sharing across the security org
Qualifications
4+ years of hands-on experience in offensive security, penetration testing, or a red team role
Demonstrated ability to attack and assess cloud environments — AWS, GCP, and Azure — including IAM abuse, privilege escalation, and misconfiguration exploitation
Hands-on experience with container and Kubernetes security (EKS, GKE, AKS)
Experience testing hosted and on-prem infrastructure: servers, VPNs, Active Directory, and internal networks
Working knowledge of web application attack techniques (OWASP Top 10 and beyond)
Familiarity with MITRE ATT&CK and how to map findings to real-world threat behavior
Experience writing clear, well-organized findings reports for both technical and non-technical readers
Ability to explain technical risk to people who are not security experts
Comfort working independently and managing your own workload
Nice to Have
Experience testing SaaS products or multi-tenant cloud architectures
Scripting or coding ability in Python, Bash, or PowerShell
Familiarity with C2 frameworks such as Cobalt Strike, Brute Ratel, or Sliver
Experience with phishing simulations and social engineering engagements
Certifications such as OSCP, CRTO, CRTE, CPTS, or equivalent hands-on credentials
Tech Stack
Cloud and hosted environments, modern SaaS infrastructure, enterprise security controls, and offensive security tools for vulnerability testing and threat simulation.
Work Style
We operate as a remote-first, distributed team with a strong asynchronous culture. We value thoughtful communication, autonomy, and collaboration, with core working hours that partially overlap with U.S. Eastern Time.
Employees are administered through our EOR partner: Remote.
We’re committed to building an inclusive workplace where people from all backgrounds can thrive. We welcome applicants regardless of race, ethnicity, religion, gender identity, sexual orientation, age, disability, or background.
If you require accommodations during the interview process, please let us know: [email protected]
#LI-Remote
Full job record
| Job ID | 1508942ae12fe5e37be169297a1268dded9b99de |
| Org ID | ee333020-b879-4b40-8741-87db00d625e4 |
| Source ID | 02b2b4e7-1f38-4847-851a-03f35835ddef |
| Board ID | 02b2b4e7-1f38-4847-851a-03f35835ddef |
| Provider | bamboohr |
| Provider Job Key | 152 |
| Title | Offensive Security Engineer (Red Team) |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | — |
| Department | Engineering |
| Team | — |
| Employment Type | full_time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | India |
| Region | India |
| City | — |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://plextrac.bamboohr.com/careers/152 |
| Apply URL | https://plextrac.bamboohr.com/careers/152 |
| First Seen At | 2026-05-30 05:37:57Z |
| Last Seen At | 2026-06-06 08:46:31Z |
| Last Checked At | 2026-06-06 08:46:31Z |
| Last Changed At | 2026-05-30 05:37:57Z |
| Inactive At | — |
| Source Posted At | 2026-05-20 00:00:00Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=bamboohr/board=plextrac/date=2026-06-06/2026-06-06T08-46-30-333Z-6a1e6eff556feafe40ba0137fbd704fa077908da2e3d4ea8822061bfd6d76d46.json |
Event Fields
{
"content_hash": "da5b367c1d8c978af3cb9842161dfae8d5545bbcc1c87354ac39a3e6f983140f",
"source_hash": "59e47f7031b51f34580b41ff1a9eb610cfe4c401bd0c176d5778bbbd11945dba",
"last_changed_at": "2026-05-30T05:37:57.803Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "REMOTE, India, India",
"city": null,
"region": "India",
"country": "India",
"is_remote": true,
"confidence": 0.8
},
"salary_max": null,
"salary_min": null,
"inferred_at": "2026-06-06T08:46:31.133Z",
"launch_scope": {
"reason": "bamboohr_production_catalog",
"included": true,
"location": {
"raw": "REMOTE, India, India",
"city": null,
"region": "India",
"country": "India",
"is_remote": true,
"confidence": 0.8
},
"countries": [
"India"
]
},
"remote_policy": "remote",
"salary_period": null,
"workplace_type": "remote",
"salary_currency": null
}Extensions
{}Native Structured
{
"list_job": {
"id": "152",
"isRemote": null,
"location": {
"city": null,
"state": null
},
"atsLocation": {
"city": "REMOTE",
"state": null,
"country": "India",
"province": "India"
},
"departmentId": "18434",
"locationType": "1",
"jobOpeningName": "Offensive Security Engineer (Red Team)",
"departmentLabel": "Engineering",
"employmentStatusLabel": "Full-Time (Hired by Remote)"
},
"detail_errors": [],
"detail_job_opening": {
"location": {
"city": null,
"state": null,
"postalCode": null,
"addressCountry": null
},
"datePosted": "2026-05-20",
"atsLocation": {
"city": "REMOTE",
"state": "India",
"country": "India",
"countryId": "100"
},
"description": "<p><span style=\"font-family: Arial,sans-serif; font-size: 12pt; font-weight: bold\">About PlexTrac</span></p>\n<p><br></p>\n<p><span style=\"font-size: 12pt\">PlexTrac is a cybersecurity SaaS platform helping security teams streamline reporting, exposure management, and remediation workflows. Our platform is used by penetration testers, red teams, consultants, enterprises, and managed security providers to operationalize security findings and improve collaboration across technical and executive stakeholders.</span></p>\n<p><br></p>\n<p><span style=\"font-size: 12pt\">We are a remote-first company headquartered in the United States with distributed team members across North America, Europe, and Asia. We are committed to ownership, transparency, practical problem-solving, and building products that customers genuinely rely on.</span></p>\n<p><br></p>\n<p><span style=\"font-family: Arial,sans-serif; font-size: 12pt; font-weight: bold\">Why This Role Matters </span></p>\n<p><br></p>\n<p>We build security software that helps companies protect their data. To make our product stronger, we are looking for <span style=\"font-weight: bold\">Offensive Security Engineers (Red Team)</span> who think like attackers. You will find weaknesses before the bad guys do, report what you find clearly, and work with our engineering team to fix it. This is a hands-on role with real influence on how we build and ship securely.</p>\n<p><br></p>\n<p><span style=\"font-size: 12pt; font-weight: bold\">Location:</span><span style=\"font-size: 12pt\"> Remote — India only.</span></p>\n<p><br></p>\n<p><span style=\"font-size: 12pt; font-weight: bold\">Responsibilities</span></p>\n<ul>\n<li><span style=\"font-size: 12pt\">Plan and execute red team engagements across our cloud infrastructure (AWS/GCP/Azure), internal networks, web applications, and SaaS product</span></li>\n<li><span style=\"font-size: 12pt\">Simulate realistic attack chains — from initial access through lateral movement, credential harvesting, privilege escalation and data exfiltration — using current threat actor techniques</span></li>\n<li><span style=\"font-size: 12pt\">Conduct assumed breach scenarios, purple team exercises, and objective-based engagements, not just point-in-time pen tests</span></li>\n<li><span style=\"font-size: 12pt\">Assess cloud-specific attack surfaces: IAM roles and policies, storage misconfigurations, serverless functions, container workloads, and CI/CD pipelines</span></li>\n<li><span style=\"font-size: 12pt\">Test Active Directory and hybrid identity environments for common and advanced attack paths</span></li>\n<li><span style=\"font-size: 12pt\">Perform web and API application testing against our core product, including authentication flaws, authorization bypasses, and business logic vulnerabilities</span></li>\n<li><span style=\"font-size: 12pt\">Build, customize, and maintain offensive tools, scripts, and C2 infrastructure to support engagements</span></li>\n<li><span style=\"font-size: 12pt\">Develop and manage red team infrastructure — attack servers, redirectors, phishing platforms, and operational security controls</span></li>\n<li><span style=\"font-size: 12pt\">Create and maintain repeatable testing methodologies and internal playbooks the team can use and build on</span></li>\n<li><span style=\"font-size: 12pt\">Evaluate and improve detection coverage by working closely with our blue team — identify what's being caught, what isn't, and why</span></li>\n<li><span style=\"font-size: 12pt\">Write detailed reports that document attack paths, evidence, business impact, and remediation steps — clearly enough that an engineer can act on them without follow-up questions</span></li>\n<li><span style=\"font-size: 12pt\">Present findings to both technical teams and non-technical stakeholders, including leadership</span></li>\n<li><span style=\"font-size: 12pt\">Track remediation progress and validate that fixes actually close the identified gaps — not just check a box</span></li>\n<li><span style=\"font-size: 12pt\">Help define the scope, methodology, and maturity of our red team program as we scale</span></li>\n<li><span style=\"font-size: 12pt\">Contribute to internal security standards, threat models, and secure design reviews</span></li>\n<li><span style=\"font-size: 12pt\">Mentor junior team members and support knowledge sharing across the security org</span><br></li>\n</ul>\n<p><br></p>\n<p><span style=\"font-size: 12pt; font-weight: bold\">Qualifications</span></p>\n<ul>\n<li><span style=\"font-size: 12pt\">4+ years of hands-on experience in offensive security, penetration testing, or a red team role</span></li>\n<li><span style=\"font-size: 12pt\">Demonstrated ability to attack and assess cloud environments — AWS, GCP, and Azure — including IAM abuse, privilege escalation, and misconfiguration exploitation</span></li>\n<li><span style=\"font-size: 12pt\">Hands-on experience with container and Kubernetes security (EKS, GKE, AKS)</span></li>\n<li><span style=\"font-size: 12pt\">Experience testing hosted and on-prem infrastructure: servers, VPNs, Active Directory, and internal networks</span></li>\n<li><span style=\"font-size: 12pt\">Working knowledge of web application attack techniques (OWASP Top 10 and beyond)</span></li>\n<li><span style=\"font-size: 12pt\">Familiarity with MITRE ATT&CK and how to map findings to real-world threat behavior</span></li>\n<li><span style=\"font-size: 12pt\">Experience writing clear, well-organized findings reports for both technical and non-technical readers</span></li>\n<li><span style=\"font-size: 12pt\">Ability to explain technical risk to people who are not security experts</span></li>\n<li><span style=\"font-size: 12pt\">Comfort working independently and managing your own workload</span><br></li>\n</ul>\n<p><br></p>\n<p><span style=\"font-size: 12pt; font-weight: bold\">Nice to Have</span></p>\n<ul>\n<li><span style=\"font-size: 12pt\">Experience testing SaaS products or multi-tenant cloud architectures</span></li>\n<li><span style=\"font-size: 12pt\">Scripting or coding ability in Python, Bash, or PowerShell </span></li>\n<li><span style=\"font-size: 12pt\">Familiarity with C2 frameworks such as Cobalt Strike, Brute Ratel, or Sliver</span></li>\n<li><span style=\"font-size: 12pt\">Experience with phishing simulations and social engineering engagements</span></li>\n<li><span style=\"font-size: 12pt\">Certifications such as OSCP, CRTO, CRTE, CPTS, or equivalent hands-on credentials</span></li>\n</ul>\n<p><br></p>\n<p><span style=\"font-size: 12pt; font-weight: bold\">Tech Stack</span></p>\n<p><span style=\"font-size: 12pt\">Cloud and hosted environments, modern SaaS infrastructure, enterprise security controls, and offensive security tools for vulnerability testing and threat simulation.</span></p>\n<p><br></p>\n<p><span style=\"font-size: 12pt; font-weight: bold\">Work Style</span></p>\n<p><span style=\"font-size: 12pt\">We operate as a remote-first, distributed team with a strong asynchronous culture. We value thoughtful communication, autonomy, and collaboration, with core working hours that partially overlap with U.S. Eastern Time.</span></p>\n<p><br></p>\n<p><span style=\"font-size: 12pt\">Employees are administered through our EOR partner: Remote.</span></p>\n<p><br></p>\n<p><span style=\"font-size: 12pt\">We’re committed to building an inclusive workplace where people from all backgrounds can thrive. We welcome applicants regardless of race, ethnicity, religion, gender identity, sexual orientation, age, disability, or background.</span></p>\n<p><br></p>\n<p><span style=\"font-size: 12pt\">If you require accommodations during the interview process, please let us know: </span><span style=\"font-size: 12pt\"><a href=\"mailto:[email protected]\" target=\"_blank\" rel=\"noopener noreferrer\">[email protected]</a></span><span style=\"font-size: 12pt\"> </span><br></p>\n<p><br></p>\n<p><span style=\"font-family: Arial,sans-serif; font-size: 12pt\">#LI-Remote</span></p>",
"compensation": null,
"departmentId": "18434",
"locationType": "1",
"seekPromoted": false,
"jobCategoryId": null,
"jobOpeningName": "Offensive Security Engineer (Red Team)",
"departmentLabel": "Engineering",
"jobOpeningStatus": "Open",
"minimumExperience": "Experienced",
"jobOpeningShareUrl": "https://plextrac.bamboohr.com/careers/152",
"employmentStatusLabel": "Full-Time (Hired by Remote)"
}
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/1508942ae12fe5e37be169297a1268dded9b99de?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/ee333020-b879-4b40-8741-87db00d625e4JSONGET https://api.bluedoor.sh/job-postings/v1/sources/02b2b4e7-1f38-4847-851a-03f35835ddefJSONGET https://api.bluedoor.sh/job-postings/v1/jobs/1508942ae12fe5e37be169297a1268dded9b99de/eventsJSON