Certified Senior Offensive Security Engineer - SAST, DAST, SCA, IAST

Role Overview:
You will bring deep offensive security expertise to the agentic AI vulnerability program. You will determine what is truly exploitable, identify how vulnerabilities chain into real attacks, and validate that AI-generated fixes close the actual root cause—not just suppress scanner alerts.

Your offensive analysis, exploit chain reasoning, and false positive judgment will be channeled into AI agents through prompts, evaluation criteria, and workflows that scale your expertise across the bank.

You will work alongside the vulnerability management team and AI capability suppliers, contributing the deep offensive perspective the program needs.

What You Will Do:
- Lead exploitability assessment and false positive analysis across SAST, DAST, SCA, IAST, container, and infrastructure findings
- Translate analysis into reusable AI agent prompts and skills
- Identify exploit chains across vulnerability classes and encode reasoning into agent workflows
- Validate AI-generated fixes and ensure they close exploitable conditions
- Develop offensive prompts, attack scenarios, and evaluation criteria for AI agents
- Translate offensive insights into prioritization signals and remediation guidance via AI-driven workflows

Top 3 Required Skills:
- Offensive security, hands-on exploit development, red teaming, penetration testing
- Hands-on experience in SAST / DAST / SCA / IAST
- Coding in Java, Python, C#, or Go

Must-Have Requirements:
- 10+ years in offensive security with hands-on exploit development and red teaming
- One or more certifications: OSCP, OSCE, OSEP, OSWE, GXPN, GWAPT
- Ability to identify and validate exploit chains across vulnerability classes
- Deep understanding of vulnerability types (memory safety, injection, auth flaws, deserialization, race conditions, supply chain attacks)
- Strong code reading ability in at least three programming languages
- Hands-on experience with application security testing tools (SAST, DAST, SCA, IAST) and false positive analysis

Nice-to-Have:
- CVEs, conference talks (DEF CON, Black Hat, OffensiveCon, Recon)
- CTF achievements or bug bounty experience
- Software engineering experience in production systems
- Defensive security engineering exposure
- Familiarity with LLMs / agentic AI in security
- CI/CD & container security (Docker, Kubernetes, GitHub Actions, Jenkins)
Senior Offensive Security Engineer - SAST, DAST, SCA, IAST
ASTRA-NORTH INFOTECK INC. ~ CONQUERING TODAY’S CHALLENGES, ACHIEVING TOMORROW’S VISION!
Toronto, Toronto
Published 20 days ago