Senior Offensive Security Engineer

About Flynaut LLC

Flynaut is a global leader in digital transformation, partnering with startups, SMEs, and large enterprises across various industries since 2004. Our team of passionate professionals transforms visionary ideas into groundbreaking realities by delivering cutting-edge mobile apps, robust web platforms, and comprehensive IT solutions. With expertise in healthcare, finance, education, retail, and more, we craft tailored solutions that exceed expectations. We prioritize innovation and quality, building lasting relationships based on trust and transparency, and have successfully delivered hundreds of projects that drive tangible business outcomes.

🎯 Role Overview

We’re seeking a security virtuoso who thrives across the offensive spectrum—someone who can infiltrate hardened environments, dissect mobile and web applications, and audit source code with surgical precision. This hybrid role demands mastery in adversarial simulation, deep application-layer testing, and secure development practices. You’ll be the architect of chaos and the guardian of clarity.

________________________________________

🔍 Key Responsibilities

Red Team Operations

•   Design and execute stealthy, multi-stage adversarial campaigns across cloud, on-prem, and hybrid infrastructures
•   Develop custom implants, payloads, and C2 frameworks to bypass EDR, NDR, and SIEM
•   Emulate APT-level TTPs using MITRE ATT&CK, threat intelligence, and bespoke tradecraft
•   Conduct physical intrusion simulations, RFID cloning, and social engineering ops
  
  

•   Perform manual and automated testing of Android/iOS apps and modern web platforms
•   Reverse engineer mobile binaries (APK/IPA), analyze obfuscated code, and exploit runtime vulnerabilities
•   Identify SSRF, IDOR, race conditions, insecure storage, and API flaws across mobile/web ecosystems
•   Test GraphQL, WebSockets, and single-page applications for logic flaws and chained exploits
  
  

•   Conduct deep-dive code audits across multiple languages including Java, Kotlin, Swift, JavaScript, and Python
•   Identify insecure coding patterns, logic flaws, and architectural weaknesses
•   Collaborate with development teams to integrate secure coding practices and threat modeling
•   Build static/dynamic analysis pipelines and custom linters for CI/CD integration
  
  

•   Minimum 7 years in offensive security, with hands-on experience in red teaming, application testing, and code review
•   Mastery of tools such as Cobalt Strike, Sliver, Mythic, Burp Suite Pro, Frida, MobSF, and custom-built utilities
•   Deep understanding of Active Directory abuse, Kerberos delegation, cloud attack paths (Azure, AWS, GCP), and container security
•   Strong programming and code auditing skills across multiple languages and frameworks
•   Familiarity with OWASP Top 10, MASVS, PTES, and secure SDLC methodologies
  
  

•   GIAC Red Teaming Certification (GRT)
•   GIAC Penetration Tester (GPEN)
•   GIAC Web Application Penetration Tester (GWAPT)
•   GIAC Mobile Device Security Analyst (GMOB)