Skip to main content
TryApplyNow
Span logo

Senior Offensive Security Engineer

Span
Full Timesenior
San FranciscoPosted 5 weeks ago

Role Overview

Span is hiring a Senior Offensive Security Engineer. This is a full-time role in San Francisco. Part of Span's Lifecycle hiring. Full responsibilities, required qualifications, and the apply link are listed in the description below.

Salary Context

Salary is not disclosed in this posting. Market median for Senior-level Lifecycle roles is $140k-$187k (based on 49 comparable listings). Many employers share specifics during the interview process or after an initial screen.

Resume Keywords to Include

Make sure these keywords appear in your resume to improve ATS scoring

PythonGoBashDockerKubernetesAPIPipelineTelemetry

Job description

OUR MISSION

SPAN is enabling electrification for all ⚡

WE ARE A MISSION-DRIVEN COMPANY DESIGNING, BUILDING, AND DEPLOYING PRODUCTS THAT ELECTRIFY THE BUILT ENVIRONMENT, REDUCE CARBON EMISSIONS, AND SLOW THE EFFECTS OF CLIMATE CHANGE.

  • Decarbonization is the process to reduce or remove greenhouse gas emissions, especially carbon dioxide, from entering our atmosphere.
  • Electrification is the process of replacing fossil fuel appliances that run on gas or oil with all-electric upgrades for a cleaner way to power our lives.

AT SPAN, WE BELIEVE IN:

  • Enabling homes and vehicles powered by clean energy
  • Making electrification upgrades possible
  • Building more resilient homes with reliable backup
  • Designing a flexible and distributed electrical grid

THE ROLE

We are looking for a hands-on individual with an offensive security engineering mindset to join us as a Senior Offensive Security Engineer (Threat & Response) as part of the Security team at SPAN. In this role, you will act as our internal ethical hacker, conducting full-scope, threat intelligence-informed adversary emulations across our cloud infrastructure, proprietary applications, and corporate IT assets. We are looking for someone who can continuously simulate real-world cyber attacks to identify vulnerabilities before malicious actors do, while seamlessly leading the full Technical Incident Response (IR) lifecycle, from initial triage and containment through to eradication and post-incident recovery, when security events occur.

WHAT YOU’LL DO (RESPONSIBILITIES)

  • Execute full-scope adversary emulations against any valuable objectives across SPAN's cloud environments , proprietary web/mobile applications, APIs, and corporate IT infrastructure.
  • Lead Technical Incident Response operations during live security events, leveraging your understanding of attacker TTPs to direct rapid containment, threat eradication, and system recovery.
  • Provide a crucial feedback loop to our Cloud Infrastructure and Software Engineering teams by translating offensive findings into proactive detection rules and actionable hardening requirements.
  • Own the end-to-end VDP pipeline, serving as the primary internal owner for our public vulnerability disclosure channel, managing communications with external researchers, and validating incoming reports.
  • Build automated scripts and tools to streamline continuous internal security testing, vulnerability scanning, and VDP triage workflows
  • Utilize frameworks like MITRE ATT&CK to design and execute red team scenarios that rigorously test the organization’s live detection capabilities, defense evasion thresholds, and IR readiness.
  • Develop and maintain Incident Response playbooks and runbooks to standardize our technical response to cloud, application, and infrastructure breaches.
  • Conduct root-cause analysis and digital forensics post-incident to reconstruct attacker timelines, identify Indicators of Compromise (IoCs), and perform comprehensive post-incident reviews.

WHAT YOU’LL BRING (QUALIFICATIONS)

  • Experience: 6+ years of professional experience in offensive security (penetration testing, red teaming), dedicated technical incident response, or a closely related field.
  • Incident Response (IR) Mastery: Demonstrated experience executing the full IR lifecycle (e.g., NIST SP 800-61 or SANS frameworks) and managing critical security breaches under high-pressure conditions.
  • DFIR & Log Analysis: Strong capability in parsing complex log data, analyzing system telemetry, and leveraging forensics techniques to track adversarial movement across a network.
  • Cloud Security: Advanced hands-on experience exploiting and securing modern cloud infrastructure , containerized environments (Docker/Kubernetes), and complex IAM policies.
  • Application Hacking: Deep technical expertise in web application and API security, including a masterful understanding of the OWASP Top 10 and complex business logic flaws.
  • Automation & Scripting: Decent programming proficiency in Python, Go, or Bash for developing custom exploitation tools, automating proofs-of-concept, and parsing security logs.
  • Breaker Mindset: A proven track record of finding critical vulnerabilities (via bug bounties, VDPs, or professional engagements) paired with the analytical, defensive mindset required to hunt threats and isolate incidents.

LIFE AT SPAN

Headquartered in San Francisco’s vibrant SoMa neighborhood, we are an eclectic group of creative thinkers who value open communication, teamwork, and a ‘make it happen’ approach to addressing complex challenges.

SPAN embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills.

We’re hiring talented individuals who are driven by success and are passionate about shaping the future of renewable energy. If that sounds like you, we’d love for you to consider joining the rapidly growing team at SPAN.

The Perks:

⚡ Competitive compensation + equity grants at a well-funded, venture-backed company

⚡ Comprehensive benefits: 100% employee premiums for base plans on medical, dental, vision with options for additional coverage. Parental leave up to twenty four (24) weeks depending on eligibility

⚡ Comfortable, sunny office space located near BART and Caltrain public transit

⚡ Strong focus on team building and company culture: Employee Resource Groups, monthly social events, SPANcakes recognition breakfast, lunch, and learns

⚡ Flexible hours, one holiday per month, and flexible time off

Interested in joining our team? Apply today and we’ll be in touch with the next steps!

About Span

Span logo

Span

LifecycleOn-site

10 other open roles at Span on TryApplyNow.

Frequently Asked Questions

How do I apply for the Senior Offensive Security Engineer position at Span?

Use the Apply button above to submit your application directly to Span. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.

Where is the Senior Offensive Security Engineer position at Span located?

This position is based in San Francisco. Span has not indicated remote or hybrid options for this role, so candidates should plan for on-site work.

What does a Senior Offensive Security Engineer at Span earn?

Span has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.

When was the Senior Offensive Security Engineer role at Span posted?

This role was posted on June 3, 2026 (37 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.

How much experience does the Senior Offensive Security Engineer role at Span require?

This is a senior-level position. Most senior roles call for 5+ years of directly relevant experience. Span lists their specific requirements in the description below, so review the must-have qualifications closely before applying.

AI-powered job search

Get every job scored to your resume

Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.

Get started free

No credit card to start