1

Freelance Offensive Security Engineer Jobs (NOW HIRING)

Offensive Security Engineer

Tempe, AZ ยท On-site

$100K - $120K/yr

The Offensive Security Engineer is a hybrid role combining hands-on penetration testing, adversary simulation, and security engineering. This position is responsible for proactively identifying ...

Designing a flexible and distributed electrical grid The Role We are looking for a hands-on individual with an offensive security engineering mindset to join us as a Senior Offensive Security ...

Position Overview Thrive is looking for a security engineer to join our Offensive Security team. This team focuses on advanced vulnerability management and Pentesting as a service and delivers ...

Position Overview Thrive is looking for a security engineer to join our Offensive Security team. This team focuses on advanced vulnerability management and Pentesting as a service and delivers ...

They are seeking a Security Engineer to join their Offensive Security team, responsible for advanced vulnerability management and penetration testing services while ensuring client satisfaction and ...

The Mission Praetorian is an expert-driven offensive security company. Our mission is to prevent ... You're in the work - raising the bar on delivery, developing the engineers around you, and holding ...

Senior Engineer, Offensive Security

New York, NY ยท On-site

$125K - $171K/yr

As Senior Offensive Security Engineer, AI-Driven Red Team & Tooling, you'll build the AI and agentic tooling that makes our offensive operations faster and broader, then prove it where it counts, on ...

Senior Engineer, Offensive Security

Louisville, KY ยท On-site

$110K - $150K/yr

As Senior Offensive Security Engineer, AI-Driven Red Team & Tooling, you'll build the AI and agentic tooling that makes our offensive operations faster and broader, then prove it where it counts, on ...

next page

Showing results 1-20

Freelance Offensive Security Engineer information

See salary details

$14

$47

$132

How much do freelance offensive security engineer jobs pay per hour?

As of Jul 14, 2026, the average hourly pay for freelance offensive security engineer in the United States is $47.71, according to ZipRecruiter salary data. Most workers in this role earn between $24.28 and $61.78 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Freelance Offensive Security Engineer, and why are they important?

To thrive as a Freelance Offensive Security Engineer, you need deep expertise in penetration testing, vulnerability assessment, and cybersecurity best practices, often backed by certifications like OSCP or CEH. Familiarity with tools such as Metasploit, Burp Suite, Nmap, and scripting languages like Python is typically required. Strong problem-solving skills, self-motivation, and effective client communication set standout professionals apart in this field. These competencies are crucial for identifying and mitigating security risks while maintaining client trust and delivering high-value security assessments.

What are some common challenges faced by Freelance Offensive Security Engineers when working with multiple clients?

Freelance Offensive Security Engineers often juggle multiple projects for different clients, which can make time management and prioritization challenging. Each client may have unique security requirements, varying network environments, and distinct expectations for deliverables. Additionally, staying updated on the latest vulnerabilities and attack techniques is crucial, as clients rely on your expertise for thorough assessments. Clear communication and diligent documentation are essential to ensure that findings and recommendations are understood and actionable for each client.

What are Freelance Offensive Security Engineers?

Freelance Offensive Security Engineers are independent cybersecurity professionals who specialize in identifying and exploiting vulnerabilities within computer systems, networks, and applications. They are hired by organizations on a contract basis to conduct penetration testing, red teaming, and security assessments to help improve the organization's defenses. Unlike in-house employees, freelancers work for multiple clients and often bring a diverse range of experience from different industries. Their primary goal is to simulate real-world attacks and provide detailed reports with recommendations to enhance security posture.

What is the difference between Freelance Offensive Security Engineer vs Penetration Tester?

AspectFreelance Offensive Security EngineerPenetration Tester
CertificationsOSCP, CEH, OSWEOSCP, CEH, GPEN
Work EnvironmentProject-based, remote or on-site, client-specificTypically consulting, testing environments, often on-site or remote
Employer/Industry UsageFreelance, cybersecurity firms, consultingSecurity firms, internal security teams, consulting

Freelance Offensive Security Engineers and Penetration Testers both focus on identifying security vulnerabilities. However, Freelance Offensive Security Engineers often work on broader offensive security projects, including red teaming and security architecture, while Penetration Testers primarily conduct targeted vulnerability assessments. The roles overlap but differ in scope and depth of engagement.

More about Freelance Offensive Security Engineer jobs
What cities are hiring for Freelance Offensive Security Engineer jobs? Cities with the most Freelance Offensive Security Engineer job openings:
What are the most commonly searched types of Offensive Security Engineer jobs? The most popular types of Offensive Security Engineer jobs are:
What states have the most Freelance Offensive Security Engineer jobs? States with the most job openings for Freelance Offensive Security Engineer jobs include:
What job categories do people searching Freelance Offensive Security Engineer jobs look for? The top searched job categories for Freelance Offensive Security Engineer jobs are:
Infographic showing various Freelance Offensive Security Engineer job openings in the United States as of July 2026, with employment types broken down into 95% Full Time, 2% Part Time, and 3% Contract. Highlights an 87% Physical, 4% Hybrid, and 9% Remote job distribution, with an average salary of $99,230 per year, or $47.7 per hour.
Offensive Security Engineer

Offensive Security Engineer

RunBuggy

Tempe, AZ โ€ข On-site

$100K - $120K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Re-posted 10 days ago


Job description

About Us:
RunBuggy is the most technically advanced automotive logistics platform on the market. Period.
Backed by Porsche Ventures and Hearst Ventures, RunBuggy is transforming the way cars move. Our cutting-edge technology is trusted by some of the largest OEMs, captive finance companies, and automotive lenders in the world to streamline vehicle transportation at scale.
RunBuggy's end-to-end platform connects car shippers and haulers in real time - eliminating the friction of traditional load boards and costly custom software. For shippers, RunBuggy integrates directly into existing management systems, reducing transportation costs and accelerating delivery timelines. For transporters, we offer a smarter, more profitable way to find, accept, and manage loads - all from a single app.
Since launching in 2019, RunBuggy has grown to over 190 team members, facilitated the movement of hundreds of thousands of vehicles, and attracted tens of thousands of transporters across the U.S.
We're not just building a better logistics platform - we're redefining the future of automotive transportation.
About the Role:
The Offensive Security Engineer is a hybrid role combining hands-on penetration testing, adversary simulation, and security engineering. This position is responsible for proactively identifying, exploiting, and validating vulnerabilities while also partnering with engineering teams to design, implement, and improve security controls across the environment.
This position reports to our Cybersecurity Manager and is a hybrid role (3 days in office per week).
What You Will Be Doing:
  • Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS), and be able to give hardening suggestions.
  • Conduct offensive security engagements, including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both internal and external-facing systems.
  • Plan and execute black-box, grey-box, and white-box web application penetration tests against RunBuggy production and staging environments.
  • Maintain tooling (Burp, Metasploit, C2 frameworks, custom scripts) for exploitation, detection validation, and security assessments.
  • Conduct API security testing (REST, GraphQL) including authentication bypass, injection, broken object-level authorization (BOLA/IDOR), and business logic flaws.
  • Perform cloud configuration reviews (AWS) and assess infrastructure-level exposure where it intersects with web application attack surfaces.
  • Produce clear, risk-ranked findings reports with reproducible proof-of-concept and actionable remediation guidance for both technical and non-technical audiences.
  • Collaborate with engineering to validate fixes and re-test remediated vulnerabilities.
  • Perform social engineering exercises (phishing, credential harvesting), where applicable.
  • Contribute to bug bounty triage, third-party assessment coordination, and security tooling selection.
  • Support compliance efforts (SOC 2, PCI DSS) by providing evidence and attestation tied to pen test scope and outcomes.
  • Stay current on emerging attack techniques and translate threat intelligence into test cases relevant to RunBuggy's stack.
  • Other duties as assigned.

Requirements
What You Bring to the Team by Way of Skills and Experience:
  • Bachelor's degree in Cybersecurity or related field required.
  • 3+ years of hands-on web application penetration testing experience in a professional or consulting capacity.
  • Passion and demonstrated experience for challenging security assumptions.
  • Deep familiarity with MITRE ATT&CK, OWASP Top 10, OWASP API Security Top 10, and OWASP Top 10 for LLMs.
  • Proficiency with standard tooling: Burp Suite, OWASP ZAP, Nmap, Metasploit, SQLmap, Nikto.
  • Demonstrated ability to exploit and document authentication/authorization flaws, injection vulnerabilities, XXE, SSRF, deserialization issues, and insecure direct object references.
  • Strong written communications: findings reports must be usable by both developers and executives.
  • Experience testing RESTful and/or GraphQL APIs.
  • Experience with AWS environment security assessment (IAM misconfiguration, S3 exposure, Lambda attack surface).
  • Scripting proficiency in Python, Bash, or JavaScript for custom tooling and automation.
  • Familiarity with automotive, logistics, or fintech regulatory requirements (PCI DSS, SOC 2 Type II).
  • Prior experience in a startup or high-growth SaaS environment where speed and security have to coexist.

Certificates, Licenses, and/or Registrations:
  • OSCP, GWAPT, eWPT, or equivalent. CEH is accepted but is less weighted than practical certs.

What is in it for You and Why you Should Apply:
  • Market-competitive pay based on education, experience, and location.
  • Highly competitive medical, dental, vision, Life w/ AD&D, Short-Term Disability insurance, Long-Term Disability insurance, pet insurance, identity theft protection, and a 401(k) retirement savings plan.
  • Employee wellness program.
  • Employee rewards, discounts, and recognition programs.
  • Generous company-paid holidays (12 per year), vacation, and sick time.
  • Paid paternity/maternity leave.
  • Monthly connectivity/home office stipend if working from home 5 days a week.
  • A supportive and positive space for you to grow and expand your career.

Pay Range Disclosure:
The advertised range represents the expected pay range for this position at the time of posting based on education, experience, skills, location, and other factors.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
RunBuggy is an equal-opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination, harassment, and retaliation on the basis of race, color, religion, sex (including gender identity and sexual orientation), pregnancy, parental status, national origin, age, disability, genetic information, or any other status protected under federal, state, or local law.
Unsolicited resumes sent via email or LinkedIn Messenger will not be considered.
No agencies, please.
Salary Description
$100,000 to $120,000/yr. DOE