At Siemba, we believe security should be a catalyst for innovation, not a barrier to it. Our mission is to move the industry beyond reactive defense toward a future of Preemptive Security.
Featured across multiple Gartner® Hype Cycle reports and recognized as a Global Top 250 MSSP, Siemba is building a next-generation platform ecosystem that helps organizations continuously discover, validate, and remediate risks before attackers can exploit them.
Our platform suite powers a Continuous Threat Exposure Management (CTEM) approach to security. It includes GenPT, our AI-native security platform for one-click visibility and autonomous testing; GenVA for continuous vulnerability assessment; EASM (External Attack Surface Management) for discovering and monitoring internet-facing assets; and PTaaS (Penetration Testing as a Service) that combines expert-led testing with continuous validation.
From Big 4 consulting firms and global government agencies to fast-growing technology companies, organizations trust Siemba to deliver the continuous visibility and resilience required in today’s threat landscape.
At Siemba, you will work with passionate security researchers, engineers, and innovators who are redefining offensive security and shaping the future of proactive cybersecurity.
Welcome to Siemba. Build the future of security with us.
This role is part of Siemba’s Product R&D team, where offensive security expertise is transformed into automated vulnerability detection, attack logic, and AI-driven testing workflows.
What you will do
- Conduct research initiatives for new product capabilities and proactively optimize existing detection logic to enhance testing performance, accuracy, and depth.
- Brainstorm innovative product features by conducting thorough competitor analysis and research.
- Support the development team during the implementation phase from a technical perspective, ensuring that the feature is implemented accurately and performs effectively within the product.
- Execute and validate automated scans alongside deep manual testing to benchmark, tune, and improve DAST signal quality and reduce false positives.
You should apply if you have
- 2-4 years of experience in offensive security, with a specific focus on vulnerability research and developing custom detection logic.
- A proven track record in Bug Bounty programs (e.g., HackerOne, Bugcrowd) with documented hall of fame recognitions or high-impact vulnerability disclosures.
- Deep working knowledge of tools like Burp Suite, Kali Linux, Qualys, and experience with automation/scripting (Python, Go, or Bash).
- Certifications: OSCP, OSWE, OSCE, OSEP, CRTP, or equivalent advanced offensive security certifications.
- Experience in mapping kill chains, performing Root Cause Analysis, and designing complex pentest strategies.
- Flexibility working remotely with a globally distributed team.