Staff Security Engineer, Offensive Security, Level 6

Snap Inc is a technology company. We believe the camera presents the greatest opportunity to improve the way people live and communicate. Snap contributes to human progress by empowering people to express themselves, live in the moment, learn about the world, and have fun together. The Company’s three core products are Snapchat, a visual messaging app that enhances your relationships with friends, family, and the world; Lens Studio, an augmented reality platform that powers AR across Snapchat and other services; and its AR glasses, Spectacles.

We’re looking for a Staff Security Engineer to join our Offensive Security Team! The team specializes in designing comprehensive engagements and exercises that simulate advanced adversarial tactics, highlighting strengths in our security and privacy posture while uncovering vulnerabilities and inadequate defenses, informing the business where we need to tactically and strategically address gaps.

What you’ll do:

• Design, execute, and lead offensive security and privacy engagements, including red, purple, and orange team exercises, across corporate environments, cloud projects/accounts, internal applications, and mobile client applications. 

• Maintain a comprehensive understanding of real-world threat actors, their tools, tactics, and procedures, with a propensity to target Snap, collaborating extensively with the threat intelligence team to enumerate exhaustive killchains that seed and prioritize the future engagement roadmap.

• Deliver detailed post-engagement reports that identify vulnerabilities, highlight strengths and weaknesses in our security posture, assess detection coverage, and provide actionable recommendations, including prioritized risk mitigation strategies and improvements to defensive measures.

• Implement and manage offensive security engagement infrastructure and tooling to conduct covert operations and mimic the tactics of relevant adversaries, including the development of custom implants, payloads, and exploits to thoroughly test and evaluate our defenses.

• Collaborate closely with other security and privacy teams to share insights from engagements, informing strategic roadmaps by identifying priority areas for improvement and aligning on initiatives.

• Serve as a subject matter expert and consultant to other security and privacy teams, participating in security reviews, reproducing vulnerabilities, and contributing to high-stakes incident response efforts.

• Explore novel research topics relevant to our tech stack to proactively improve our security posture and integrate lessons learned into future exercises.

Required Knowledge, Skills & Abilities:

• Proven experience in leading offensive security engagements, coordinating multiple security engineers, and managing and executing assessments to thoroughly test and evaluate security measures.

• Expert knowledge in four or more of the following: operating system internals, networking, application development, mobile client development, Kubernetes, cloud infrastructure (AWS/GCP), and payload/implant/exploit development.

• Coding proficiency in one or more modern languages, including Java, Python, Go, etc.

• Adept at threat modeling and establishing killchains

• Proficiency in scripting languages like Bash and PowerShell to automate security tasks and improve efficiency of engagements.

• Possess an insatiable drive for learning and the ability to thrive in new, unique, and complex technical environments, with the capability to build a foundational understanding and effectively apply it within the context of engagements.

Minimum Qualifications:

• Bachelor of Science in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field.

  • You may also provide evidence of personal security research (CVEs or blogs), public bug bounty reports, previous CTF participation, and/or code repositories on GitHub showcasing personally developed security tools

• 9+ years of experience in the field of offensive security or related security role

Preferred Qualifications:

• Familiar with frameworks like ATT&CK to represent tools, tactics, and procedures.

• Experience in leading or participating in incident response efforts, with a deep understanding of digital forensics, detection engineering, and threat hunting.

• Proven ability to work effectively with cross-functional teams at all-levels, including developers, IT, and executive leadership, to align security measures with organizational goals.

If you have a disability or special need that requires accommodation, please don’t be shy and provide us some information.

"Default Together" Policy at Snap: At Snap Inc. we believe that being together in person helps us build our culture faster, reinforce our values, and serve our community, customers and partners better through dynamic collaboration. To reflect this, we practice a “default together” approach and expect our team members to work in an office 4+ days per week. 

At Snap, we believe that having a team of diverse backgrounds and voices working together will enable us to create innovative products that improve the way people live and communicate. Snap is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification, in accordance with applicable federal, state, and local laws. EOE, including disability/vets.

Our Benefits: Snap Inc. is its own community, so we’ve got your back! We do our best to make sure you and your loved ones have everything you need to be happy and healthy, on your own terms. Our benefits are built around your needs and include paid parental leave, comprehensive medical coverage, emotional and mental health support programs, and compensation packages that let you share in Snap’s long-term success!

Compensation

In the United States, work locations are assigned a pay zone which determines the salary range for the position. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. The starting pay may be negotiable within the salary range for the position. These pay zones may be modified in the future.

Zone A (CA, WA, NYC):

The base salary range for this position is $251,000-$377,000 annually.

Zone B:

The base salary range for this position is $238,000-$358,000 annually.

Zone C:

The base salary range for this position is $213,000-$320,000 annually.

This position is eligible for equity in the form of RSUs.