Certified Senior Offensive Security Engineer - SAST, DAST, SCA, IAST

Role Overview:
You will bring deep offensive security expertise to the agentic AI vulnerability program. You will determine what is truly exploitable, identify how vulnerabilities chain into real attacks, and validate that AI-generated fixes close the actual root cause—not just suppress scanner alerts. Your offensive analysis, exploit chain reasoning, and false positive judgment will be channeled into AI agents through prompts, evaluation criteria, and workflows that scale your expertise across the bank. You will work alongside the vulnerability management team and AI capability suppliers, contributing the deep offensive perspective the program needs.

What You Will Do:
Lead exploitability assessment and false positive analysis across SAST, DAST, SCA, IAST, container, and infrastructure findings
Translate analysis into reusable AI agent prompts and skills
Identify exploit chains across vulnerability classes and encode reasoning into agent workflows
Validate AI-generated fixes and ensure they close exploitable conditions
Develop offensive prompts, attack scenarios, and evaluation criteria for AI agents
Translate offensive insights into prioritization signals and remediation guidance via AI-driven workflows

Top 3 Required Skills:
Offensive security, hands-on exploit development, red teaming, penetration testing
Hands-on experience in SAST / DAST / SCA / IAST
Coding in Java, Python, C#, or Go

Must-Have Requirements:
10+ years in offensive security with hands-on exploit development and red teaming
One or more certifications: OSCP, OSCE, OSEP, OSWE, GXPN, GWAPT
Ability to identify and validate exploit chains across vulnerability classes
Deep understanding of vulnerability types (memory safety, injection, auth flaws, deserialization, race conditions, supply chain attacks)
Strong code reading ability in at least three programming languages
Hands-on experience with application security testing tools (SAST, DAST, SCA, IAST) and false positive analysis

Nice-to-Have:
CVEs, conference talks (DEF CON, Black Hat, OffensiveCon, Recon)
CTF achievements or bug bounty experience
Software engineering experience in production systems
Defensive security engineering exposure
Familiarity with LLMs / agentic AI in security
CI/CD & container security (Docker, Kubernetes, GitHub Actions, Jenkins)
Senior Offensive Security Engineer - SAST, DAST, SCA, IAST
ASTRA-NORTH INFOTECK INC. ~ CONQUERING TODAY’S CHALLENGES, ACHIEVING TOMORROW’S VISION!
Toronto, Toronto
Published 20 days ago