Offensive Security Engineer

Title: Offensive Security Engineer

Location: US

Department: Product and Engineering

Remote

Job Description:

At Staris AI we believe human-based cyber defense is dead and the dream of security automation is finally within reach. Staris AI is a Series A ventured-backed firm that is reinventing application security with its innovative AI-powered penetration testing that continuously validates and remediates real attack paths in running applications. The Staris Total Context Security platform proves exploitable vulnerabilities in hours, not weeks, with zero false positives and 40:1 efficiency gains over traditional methods.

We're on a mission to transform the indefensible into the impenetrable, advancing applications into a new era of security.

As an Offensive Security Engineer at Staris AI, you'll be at the vanguard of the application security profession. This role goes beyond conventional application security and penetration testing; you'll be instrumental in advancing the field of automated software attack and simulation with your expertise in threat simulation and attack automation.

What You'll Do

• Own the execution and quality of autonomous security assessments, ensuring results are accurate, validated, and actionable for customers.
• Drive the continuous improvement of AI-driven attack simulations and automated exploitation workflows to expand coverage, reliability, and assessment depth.
• Apply offensive security expertise to identify realistic attack paths, validate findings, and reduce false positives across modern application and cloud environments.
• Partner with engineering and research teams to operationalize new attack techniques and strengthen the platform’s autonomous testing capabilities.
• Use insights from diverse target environments and customer feedback to improve assessment logic, remediation quality, and overall platform effectiveness.

What You Bring

• Minimum of 5 years of experience in application security assessment, source code auditing, bug hunting or similar areas
• Knowledge of offensive application security fundamentals
• Knowledge of relevant open-source technologies for attack automation (e.g. Tools, Libraries, Frameworks, etc.)
• Experience working with relevant software assessment technologies (e.g. SAST, DAST, Fuzzing, etc.).
• Prior emphasis on distributed systems and micro-service architectures
• Familiarity with prompt engineering, generative AI models, and their APIs
• Bachelor's degree in a related field (e.g. Computer Science, Information Technology, Cybersecurity, etc.) 
• Strong English language communication skills

Why Staris

• Backed by a founding team with deep pedigree, including alumni of Amazon, Accenture, and Palo Alto Networks, who have solved this problem operationally before.
• A genuine category-defining product. Most AppSec tools create noise while Staris eliminates it with AI-driven proof of exploitability and automated, code-level remediation.
• Supporting a massive, underserved market. Enterprises invest heavily in AppSec but deeply test only a fraction of their software portfolio.
• Competitive base, meaningful equity, full benefits, and a remote-first culture.

About Staris AI

Staris AI is a Series A ventured-backed firm that is reinventing application security with its innovative AI-powered penetration testing that continuously validates and remediates real attack paths in running applications. Our Total Context Security platform proves exploitable vulnerabilities in hours, not weeks, with zero false positives and 40:1 efficiency gains over traditional methods. We're on a mission to transform the indefensible into the impenetrable, advancing applications into a new era of security.