Lead Offensive Security Engineer

About the role

GCash is looking for a Lead Offensive Security Engineer to shape the digital safety of millions of Filipinos. You will head advanced red‑team operations, simulate real‑world attackers, and turn findings into concrete security improvements.

Key responsibilities

• Lead and execute red‑team and advanced penetration‑testing engagements across applications, infrastructure, cloud, and identity environments.
• Identify, exploit, and chain vulnerabilities to demonstrate realistic attack paths and business impact.
• Design adversary‑simulation scenarios aligned with MITRE ATT&CK and current threat intelligence.
• Collaborate with blue‑team, security engineering, and operations to enhance detection and response.
• Develop tooling, automation, or research to scale security testing and improve efficiency.
• Produce high‑quality technical and executive reports that clearly communicate risk, impact, and remediation guidance.
• Stay ahead of emerging threats, techniques, and tools, continuously evolving red‑team tradecraft.

Required profile

• 1‑3 years of hands‑on red‑team, offensive security, or advanced penetration‑testing experience.
• Proven track record of discovering impactful, chained vulnerabilities.
• Strong understanding of attacker tradecraft across web, cloud, identity, and infrastructure.
• Ability to lead, mentor, and influence security teams.
• Excellent written and verbal communication skills for both technical and executive audiences.
• At least one recognized security certification (e.g., OSCP, OSEP, OSWE, CRTP, etc.).

Required skills

• Red teaming
• Advanced penetration testing
• MITRE ATT&CK framework
• Web application security
• Cloud security
• Identity and access security
• Infrastructure security
• Security certifications such as OSCP, OSEP, OSWE, OSED, OSWP, CRTO, CRTL, CRTP, CRTE, GRTP, CPTS, CWEE, CAPE

What we offer

• Opportunity to build and lead offensive security capabilities on the country’s #1 FinTech platform.
• Collaboration with a highly skilled, mission‑driven security team.
• Exposure to large‑scale financial services environments.