Search 
jobs
Explore 
companies
My job alerts

Offensive Security Principal (Red Team)

Airkit

Airkit

Israel · Remote
Posted on Feb 12, 2026
Apply now

Description

Note: By applying to the Software Development posting, recruiters and hiring managers across the organization hiring Software Engineers will review your resume. Our goal is for you to apply once and have your resume reviewed by multiple hiring teams.

We are seeking an Offensive Security Principal (Red Team) to join our security team in Israel. This is a senior, hands-on technical role where you will serve as a trusted expert and technical authority, leading the most advanced and impactful adversary simulation operations across Salesforce's products, platforms, and enterprise environment. You will operate at the principal level, owning complex, end-to-end attack scenarios that mirror real-world threat actors' tactics, motivations, and objectives. As part of our security organization, you will play a critical role in strengthening Salesforce's security posture by exposing systemic weaknesses, challenging defensive assumptions, and driving meaningful improvements in our ability to detect and respond to sophisticated threats.

Responsibilities

In this role, you will design and personally execute complex, high-impact red team operations spanning the entire attack kill chain—from initial access through objective completion. You will simulate real-world threat actors by applying their tactics, techniques, and operational constraints to identify, exploit, and chain vulnerabilities across applications, identity systems, cloud environments, and enterprise infrastructure. Your work will directly influence how Salesforce defends against advanced persistent threats.

Day-to-day, you will develop and refine advanced offensive tradecraft, including novel exploitation techniques, custom tooling and payloads, and sophisticated bypasses of security controls and detections. You will analyze Salesforce products and platforms through an adversary's lens, understanding how threat actors might abuse, exploit, and chain vulnerabilities to achieve their objectives. You will act as the technical escalation point for complex exploitation paths, advanced attack chain validation, and challenging findings that require deep expertise to resolve.

You will partner closely with the Red Team Director on campaign design and prioritization, collaborate with Detection & Response teams to stress-test visibility and response capabilities, and work alongside engineering and platform teams to explain root causes and drive durable security fixes. A key aspect of this role involves translating sophisticated attack scenarios into clear, technically rigorous remediation guidance that enables teams across the organization to understand not just what vulnerabilities exist, but why defenses failed and which changes will meaningfully disrupt real threat actors.

As a principal-level contributor, you will mentor engineers and security professionals, raising the technical bar across the organization and evolving red team methodologies to stay ahead of emerging threats. Through this work, you will gain unparalleled experience in offensive security at enterprise scale, deepen your understanding of cloud-native and distributed system security, and make a measurable impact on the security resilience of products used by millions of customers worldwide.

Required Qualifications

  • Degree or equivalent relevant experience required. Experience will be evaluated based on the core competencies for the role (e.g. extracurricular leadership roles, military experience, volunteer roles, work experience, etc.)
  • Deep, proven expertise in offensive security, including red teaming, high-impact penetration testing, or adversary simulation, with a strong attacker mindset
  • Extensive hands-on experience executing realistic, end-to-end adversary attack campaigns
  • Strong understanding of threat actor tactics, techniques, and procedures (TTPs) and attacker objectives and decision-making across the kill chain
  • Strong understanding of identity, authorization, and trust abuse at scale
  • Strong understanding of application security and attack paths
  • Strong understanding of cloud and hybrid enterprise attack surfaces
  • Hands-on experience with manual exploitation and advanced attack chaining
  • Hands-on experience with custom tooling, exploitation, and/or payload development
  • Hands-on experience bypassing layered security controls and detections
  • Ability to clearly articulate how attackers achieved objectives, why defenses failed at each stage of the kill chain, and which changes will meaningfully disrupt real threat actors
  • Strong communication skills and ability to influence across teams without formal authority

Preferred Qualifications

  • Track record of security research or vulnerability discovery, CVEs, publications, blogs, or conference talks
  • Experience in adversary emulation, breach/assumed breach, or long-running campaigns
  • Malware analysis background and/or exploit development experience informed by real-world threat actor behavior
  • Experience collaborating closely with Detection & Response or Purple Team functions
  • Familiarity with cloud-native architectures, identity-centric security models, and large-scale distributed systems

Benefits & Perks

Check out our benefits site which explains our various benefits, including wellbeing reimbursement, generous parental leave, adoption assistance, fertility benefits, and more.

Salesforce Information

Check out our Salesforce Engineering Site.

Apply now
See more open positions at Airkit
Privacy policyCookie policy