Acrisure

Red Team Engineer

Hands-on offensive security engineer at Acrisure finding vulnerabilities in web applications and APIs. Conducting security assessments and collaborating with engineering teams to enhance security.

Posted 6/12/2026 • full-time • Grand Rapids • Missouri, Oklahoma • 🇺🇸 United States • Mid-Level • Senior

Tech Stack

Tools & technologies
AWS, Azure, Cloud, GraphQL, Java, JavaScript, Microservices, .NET, Python, TypeScript

About the role

Key responsibilities & impact
  • Conduct deep manual penetration tests against web applications, REST/GraphQL APIs, and microservices — focusing on authentication, authorization (IDOR/BOLA), session management, injection, and business logic flaws
  • Perform source-code-assisted testing (grey-box/white-box) using access to application repositories to identify vulnerabilities that black-box testing misses
  • Test multi-tenant isolation boundaries — proving or disproving cross-tenant data access, privilege escalation, and tenant-escape scenarios in SaaS platforms
  • Assess authentication and session architectures: OAuth/OIDC flows, JWT handling, MFA bypass, token lifecycle, and session revocation effectiveness
  • Validate authorization models end-to-end — from API gateway to data layer — identifying gaps where opt-in security filters can be bypassed or omitted
  • Execute targeted assessments of high-risk application changes, new features, and integrations as part of the secure development lifecycle
  • Use AI tools (LLMs, copilots, agentic frameworks) to accelerate vulnerability discovery, payload generation, reconnaissance, and report writing
  • Build and maintain AI-assisted attack workflows — automated recon pipelines, intelligent fuzzing, pattern-based code review, and exploit chain analysis
  • Assess AI-integrated application features for prompt injection, training data leakage, model manipulation, excessive agency, and insecure output handling (OWASP LLM Top 10)
  • Conduct penetration tests against cloud-hosted applications and services in AWS and Azure — including serverless functions, container workloads, and managed services
  • Test cloud identity and access configurations — IAM policies, role assumptions, cross-account access, service principal permissions, and privilege escalation paths

Requirements

What you’ll need
  • 4+ years of hands-on experience in penetration testing, with a primary focus on web applications and APIs
  • Deep understanding of web application vulnerabilities beyond OWASP Top 10 — including business logic flaws, authorization model weaknesses (IDOR/BOLA), race conditions, and authentication/session architecture attacks
  • Experience testing multi-tenant SaaS applications and understanding tenant isolation patterns and failure modes
  • Proficiency with web application testing tools: Burp Suite Professional, custom extensions, and manual testing methodologies
  • Scripting and automation skills (Python, JavaScript, or similar) for exploit development, custom tooling, and test automation
  • Working knowledge of cloud platforms (AWS and/or Azure) — enough to test cloud-hosted applications and understand IAM, networking, and service configurations
  • Familiarity with source code review for security — ability to read and analyze application code (.NET/C#, Java, JavaScript/TypeScript, or Python) to identify vulnerabilities
  • Experience producing professional penetration test reports with clear evidence, risk ratings, and remediation guidance

Benefits

Comp & perks
  • Comprehensive medical insurance, dental insurance, and vision insurance
  • Life and disability insurance
  • Fertility benefits
  • Wellness resources
  • Paid sick time
  • Generous paid time off and holidays
  • Employee Assistance Program (EAP)
  • Complimentary Calm app subscription
  • Immediate vesting in a 401(k) plan
  • Health Savings Account (HSA) and Flexible Spending Account (FSA) options
  • Commuter benefits
  • Employee discount programs
  • Paid maternity leave and paid paternity leave (including for adoptive parents)
  • Legal plan options
  • Pet insurance coverage

ATS Keywords

Hard Skills & Tools
penetration testing, web application vulnerabilities, authentication architecture, authorization models, scripting, automation, source code review, exploit development, test automation, cloud security