Sr. Offensive Security Engineer
Axos Bank · Manila, Metro Manila, Philippines
Banking · 1,001-5,000 employees
About the role
The role involves proactively identifying and exploiting vulnerabilities across applications, networks, and cloud environments through penetration testing and red team operations. The engineer is responsible for developing custom exploits and providing actionable remediation guidance to stakeholders.
What they look for
Requirements
Candidates need 3+ years of experience in offensive security with strong expertise in exploiting vulnerabilities and using security tools like Burp Suite. Proficiency in scripting and a preferred certification such as OSCP are required.
Full description
Axos Business Center, Corp
About This Job
An Offensive Security Engineer proactively identifies and exploits security vulnerabilities across applications, networks, APIs, and cloud environments to strengthen an organization’s security posture. This role combines penetration testing, red team operations, and exploit development with clear reporting and remediation guidance to stakeholders.
Summary
This role is ideal for a hands-on cybersecurity professional who can think like an attacker, uncover real-world vulnerabilities, and translate findings into actionable improvements that strengthen organizational security defenses.
Key Responsibilities
- Conduct end-to-end penetration testing on web, mobile, API, network, and cloud systems (AWS, Azure, GCP).
- Execute red team / adversary emulation exercises aligned with real-world attack techniques (e.g., MITRE ATT&CK)
- Identify, exploit, and validate vulnerabilities (e.g., RCE, SSRF, authentication bypass, injection flaws, privilege escalation).
- Develop custom exploits, proof-of-concept code, and attack tools to demonstrate risk impact.
- Produce clear, actionable reports detailing findings, business impact, and remediation steps for both technical and non-technical audiences.
- Verify remediation efforts and ensure vulnerabilities are properly resolved.
- Collaborate with engineering, product, and security teams to improve defenses and remediation processes.
- Maintain and enhance offensive security methodologies, playbooks, and documentation.
Requirements
- Experience: • 3+ years in penetration testing, red teaming, or offensive security engagements.
- Technical Skills: • Strong expertise in web, API, network, and cloud security testing.
- Hands-on experience exploiting vulnerabilities (e.g., SSRF, RCE, IAM privilege escalation).
- Proficiency with security tools (e.g., Burp Suite, Nuclei, ffuf, Pacu, CloudFox).
- Scripting/programming skills for automation and exploit development.
- Knowledge Areas: • Application security, network protocols, operating systems, and cloud architectures.
- Threat modeling and adversary tactics, techniques, and procedures.
- Certifications (preferred): • OSCP or equivalent (or demonstrable portfolio such as CVEs/bug bounty findings).
- Soft Skills: • Strong analytical thinking and problem-solving
- Clear written and verbal communication for technical reporting
- Ability to work independently and cross-functionally
About Axos
Born digital-first, Axos delivers financial tools and services that allow individuals, small businesses, and companies to access and manage their money how, when, and where they want. We’re a diverse team of dynamic, insightful, and independent innovators who are excited to provide technology-driven solutions that offer unbeatable value to our customers.
Axos Financial is our holding company and is publicly traded on the New York Stock Exchange under the symbol "AX" (NYSE: AX).
Learn More about working at Axos Business Center
Pre-Employment Background Check, Medical, and Drug Test:
All offers are contingent upon the candidate successfully passing a credit check, criminal background check, and pre-employment medical and drug screening.
Equal Employment Opportunity:
Axos is an Equal Opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants without regard to race, religious creed, color, sex (including pregnancy, breast feeding and related medical conditions), gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship status, military and veteran status, marital status, age, protected medical condition, genetic information, physical disability, mental disability, or any other protected status in accordance with all applicable federal, state, and local laws.
Job Functions and Work Environment:
While performing the duties of this position, the employee is required to sit for extended periods of time. Manual dexterity and coordination are required while operating standard office equipment such as computer keyboard and mouse, calculator, telephone, copiers, etc.
The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.