1

Offensive Security Engineer Jobs in Arizona (NOW HIRING)

Offensive Security Engineer

Tempe, AZ ยท On-site

$100K - $120K/yr

The Offensive Security Engineer is a hybrid role combining hands-on penetration testing, adversary simulation, and security engineering. This position is responsible for proactively identifying ...

... Information Security Engineering experience, or equivalent demonstrated through one or a ... Knowledge of offensive security, with the ability to think like an adversary when hunting and ...

Design and validate evaluation frameworks for offensive security, focusing on real-world scenarios involving exploit chains, malware, cloud/appsec, and social engineering. * Create safe and effective ...

... security concepts, including how AI enabled systems, inputs, and workflows can be manipulated or abused * Ability to collaborate with Blue Team and Detection Engineering to translate offensive ...

... security concepts, including how AI enabled systems, inputs, and workflows can be manipulated or abused * Ability to collaborate with Blue Team and Detection Engineering to translate offensive ...

next page

Showing results 1-20

Offensive Security Engineer information

See Arizona salary details

$57.3K

$142.4K

$191.5K

How much do offensive security engineer jobs pay per year?

As of Jul 6, 2026, the average yearly pay for offensive security engineer in Arizona is $142,367.00, according to ZipRecruiter salary data. Most workers in this role earn between $133,300.00 and $147,700.00 per year, depending on experience, location, and employer.

What are some common challenges faced by Offensive Security Engineers on the job?

Offensive Security Engineers often encounter challenges such as keeping up with rapidly evolving threats, maintaining deep technical knowledge across various technologies, and identifying vulnerabilities in large or complex systems. They must balance rigorous testing with minimal disruption to live systems, which requires careful planning and coordination with other teams. Additionally, translating technical findings into actionable recommendations that are understandable to both technical and non-technical stakeholders is a key part of the role. These challenges make adaptability, continuous learning, and strong communication skills especially important in this field.

How much do offensive security engineers make?

Offensive security engineers typically earn between $80,000 and $150,000 annually, depending on experience, certifications, and location. Senior roles or those with specialized skills in penetration testing and exploit development can earn higher salaries, often exceeding $150,000.

What does an Offensive Security Engineer do?

An Offensive Security Engineer is responsible for identifying and exploiting vulnerabilities in systems, networks, and applications to assess an organization's security posture. They conduct penetration testing, simulate real-world cyber attacks, and provide recommendations to strengthen defenses. Their work helps organizations proactively detect and mitigate security risks before malicious hackers can exploit them. They often use tools like Metasploit, Burp Suite, and custom scripts to test security controls.

What does an offensive security engineer do?

An offensive security engineer conducts simulated cyberattacks to identify vulnerabilities in computer systems, networks, and applications. They use tools like penetration testing and vulnerability assessment techniques to improve security defenses and often hold certifications such as OSCP or CEH. Their work involves ethical hacking, reporting security flaws, and helping organizations strengthen their cybersecurity posture.

Can you make $500,000 a year in cyber security?

Offensive Security Engineers with advanced skills, certifications like OSCP, and extensive experience can potentially earn $500,000 annually, especially in high-demand industries or senior roles. Achieving this level typically requires expertise in penetration testing, security tools, and often leadership responsibilities or consulting work.

What engineers make $500,000?

Senior offensive security engineers with extensive experience, specialized skills in penetration testing, and relevant certifications such as OSCP or CISSP can reach or exceed a $500,000 annual salary, especially in high-demand industries or senior leadership roles. Compensation often includes base salary, bonuses, and stock options, reflecting their expertise in cybersecurity and offensive security techniques.

What are the key skills and qualifications needed to thrive in the Offensive Security Engineer position, and why are they important?

Offensive Security Engineers need expertise in penetration testing, vulnerability assessment, networking, programming, and a solid understanding of security best practices, typically supported by a computer science degree or equivalent experience. Familiarity with tools like Metasploit, Burp Suite, Kali Linux, and certifications such as OSCP or CEH is highly valued. Strong problem-solving ability, effective communication, and a collaborative mindset help professionals excel in this dynamic field. These skills ensure the engineer can identify and exploit security weaknesses while clearly conveying findings to both technical teams and stakeholders, ultimately strengthening organizational security.

What are the most commonly searched types of Offensive Security Engineer jobs in Arizona? The most popular types of Offensive Security Engineer jobs in Arizona are:
What job categories do people searching Offensive Security Engineer jobs in Arizona look for? The top searched job categories for Offensive Security Engineer jobs in Arizona are:
Offensive Security Engineer

Offensive Security Engineer

RunBuggy

Tempe, AZ โ€ข On-site

$100K - $120K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 2 days ago


Job description

About Us:
RunBuggy is the most technically advanced automotive logistics platform on the market. Period.
Backed by Porsche Ventures and Hearst Ventures, RunBuggy is transforming the way cars move. Our cutting-edge technology is trusted by some of the largest OEMs, captive finance companies, and automotive lenders in the world to streamline vehicle transportation at scale.
RunBuggy's end-to-end platform connects car shippers and haulers in real time - eliminating the friction of traditional load boards and costly custom software. For shippers, RunBuggy integrates directly into existing management systems, reducing transportation costs and accelerating delivery timelines. For transporters, we offer a smarter, more profitable way to find, accept, and manage loads - all from a single app.
Since launching in 2019, RunBuggy has grown to over 190 team members, facilitated the movement of hundreds of thousands of vehicles, and attracted tens of thousands of transporters across the U.S.
We're not just building a better logistics platform - we're redefining the future of automotive transportation.
About the Role:
The Offensive Security Engineer is a hybrid role combining hands-on penetration testing, adversary simulation, and security engineering. This position is responsible for proactively identifying, exploiting, and validating vulnerabilities while also partnering with engineering teams to design, implement, and improve security controls across the environment.
This position reports to our Cybersecurity Manager and is a hybrid role (3 days in office per week).
What You Will Be Doing:
  • Experience with leveraging components of a modern software development stack to attack companies, including CI, container orchestration systems (Kubernetes/Docker), cloud providers (AWS), and be able to give hardening suggestions.
  • Conduct offensive security engagements, including Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both internal and external-facing systems.
  • Plan and execute black-box, grey-box, and white-box web application penetration tests against RunBuggy production and staging environments.
  • Maintain tooling (Burp, Metasploit, C2 frameworks, custom scripts) for exploitation, detection validation, and security assessments.
  • Conduct API security testing (REST, GraphQL) including authentication bypass, injection, broken object-level authorization (BOLA/IDOR), and business logic flaws.
  • Perform cloud configuration reviews (AWS) and assess infrastructure-level exposure where it intersects with web application attack surfaces.
  • Produce clear, risk-ranked findings reports with reproducible proof-of-concept and actionable remediation guidance for both technical and non-technical audiences.
  • Collaborate with engineering to validate fixes and re-test remediated vulnerabilities.
  • Perform social engineering exercises (phishing, credential harvesting), where applicable.
  • Contribute to bug bounty triage, third-party assessment coordination, and security tooling selection.
  • Support compliance efforts (SOC 2, PCI DSS) by providing evidence and attestation tied to pen test scope and outcomes.
  • Stay current on emerging attack techniques and translate threat intelligence into test cases relevant to RunBuggy's stack.
  • Other duties as assigned.

Requirements
What You Bring to the Team by Way of Skills and Experience:
  • Bachelor's degree in Cybersecurity or related field required.
  • 3+ years of hands-on web application penetration testing experience in a professional or consulting capacity.
  • Passion and demonstrated experience for challenging security assumptions.
  • Deep familiarity with MITRE ATT&CK, OWASP Top 10, OWASP API Security Top 10, and OWASP Top 10 for LLMs.
  • Proficiency with standard tooling: Burp Suite, OWASP ZAP, Nmap, Metasploit, SQLmap, Nikto.
  • Demonstrated ability to exploit and document authentication/authorization flaws, injection vulnerabilities, XXE, SSRF, deserialization issues, and insecure direct object references.
  • Strong written communications: findings reports must be usable by both developers and executives.
  • Experience testing RESTful and/or GraphQL APIs.
  • Experience with AWS environment security assessment (IAM misconfiguration, S3 exposure, Lambda attack surface).
  • Scripting proficiency in Python, Bash, or JavaScript for custom tooling and automation.
  • Familiarity with automotive, logistics, or fintech regulatory requirements (PCI DSS, SOC 2 Type II).
  • Prior experience in a startup or high-growth SaaS environment where speed and security have to coexist.

Certificates, Licenses, and/or Registrations:
  • OSCP, GWAPT, eWPT, or equivalent. CEH is accepted but is less weighted than practical certs.

What is in it for You and Why you Should Apply:
  • Market-competitive pay based on education, experience, and location.
  • Highly competitive medical, dental, vision, Life w/ AD&D, Short-Term Disability insurance, Long-Term Disability insurance, pet insurance, identity theft protection, and a 401(k) retirement savings plan.
  • Employee wellness program.
  • Employee rewards, discounts, and recognition programs.
  • Generous company-paid holidays (12 per year), vacation, and sick time.
  • Paid paternity/maternity leave.
  • Monthly connectivity/home office stipend if working from home 5 days a week.
  • A supportive and positive space for you to grow and expand your career.

Pay Range Disclosure:
The advertised range represents the expected pay range for this position at the time of posting based on education, experience, skills, location, and other factors.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
RunBuggy is an equal-opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination, harassment, and retaliation on the basis of race, color, religion, sex (including gender identity and sexual orientation), pregnancy, parental status, national origin, age, disability, genetic information, or any other status protected under federal, state, or local law.
Unsolicited resumes sent via email or LinkedIn Messenger will not be considered.
No agencies, please.
Salary Description
$100,000 to $120,000/yr. DOE