Sr. Offensive Security Engineer

span · Security
📍 San Francisco · Full-time · 💰 USD 138K–184K/yr

About this role

Our Mission  

SPAN is enabling electrification for all ⚡

We are a mission-driven company designing, building, and deploying products that electrify the built environment, reduce carbon emissions, and slow the effects of climate change.

  • Decarbonization is the process to reduce or remove greenhouse gas emissions, especially carbon dioxide, from entering our atmosphere.

  • Electrification is the process of replacing fossil fuel appliances that run on gas or oil with all-electric upgrades for a cleaner way to power our lives.

At SPAN, we believe in:

  • Enabling homes and vehicles powered by clean energy

  • Making electrification upgrades possible

  • Building more resilient homes with reliable backup

  • Designing a flexible and distributed electrical grid

The Role

We are looking for a hands-on individual with an offensive security engineering mindset to join us as a Senior Offensive Security Engineer (Threat & Response) as part of the Security team at SPAN. In this role, you will act as our internal ethical hacker, conducting full-scope, threat intelligence-informed adversary emulations across our cloud infrastructure, proprietary applications, and corporate IT assets. We are looking for someone who can continuously simulate real-world cyber attacks to identify vulnerabilities before malicious actors do, while seamlessly leading the full Technical Incident Response (IR) lifecycle, from initial triage and containment through to eradication and post-incident recovery, when security events occur.

What You’ll Do (Responsibilities)

  • Execute full-scope adversary emulations against any valuable objectives across SPAN's cloud environments, proprietary web/mobile applications, APIs, and corporate IT infrastructure.

  • Lead Technical Incident Response operations during live security events, leveraging your understanding of attacker TTPs to direct rapid containment, threat eradication, and system recovery.

  • Provide a crucial feedback loop to our Cloud Infrastructure and Software Engineering teams by translating offensive findings into proactive detection rules and actionable hardening requirements.

  • Own the end-to-end VDP pipeline, serving as the primary internal owner for our public vulnerability disclosure channel, managing communications with external researchers, and validating incoming reports.

  • Build automated scripts and tools to streamline continuous internal security testing, vulnerability scanning, and VDP triage workflows.

  • Utilize frameworks like MITRE ATT&CK to design and execute red team scenarios that rigorously test the organization’s live detection capabilities, defense evasion thresholds, and IR readiness.

  • Develop and maintain Incident Response playbooks and runbooks to standardize our technical response to cloud, application, and infrastructure breaches.

  • Conduct root-cause analysis and digital forensics post-incident to reconstruct attacker timelines, identify Indicators of Compromise (IoCs), and perform comprehensive post-incident reviews.

What You’ll Bring (Qualifications)

  • Experience: 6+ years of professional experience in offensive security (penetration testing, red teaming), dedicated technical incident response, or a closely related field.

  • Incident Response (IR) Mastery: Demonstrated experience executing the full IR lifecycle (e.g., NIST SP 800-61 or SANS frameworks) and managing critical security breaches under high-pressure conditions.

  • DFIR & Log Analysis: Strong capability in parsing complex log data, analyzing system telemetry, and leveraging forensics techniques to track adversarial movement across a network.

  • Cloud Security: Advanced hands-on experience exploiting and securing modern cloud infrastructure, containerized environments (Docker/Kubernetes), and complex IAM policies.

  • Application Hacking: Deep technical expertise in web application and API security, including a masterful understanding of the OWASP Top 10 and complex business logic flaws.

  • Automation & Scripting: Decent programming proficiency in Python, Go, or Bash for developing custom exploitation tools, automating proofs-of-concept, and parsing security logs.

  • Breaker Mindset: A proven track record of finding critical vulnerabilities (via bug bounties, VDPs, or professional engagements) paired with the analytical, defensive mindset required to hunt threats and isolate incidents.

Life at SPAN

Headquartered in San Francisco’s vibrant SoMa neighborhood, we are an eclectic group of creative thinkers who value open communication, teamwork, and a ‘make it happen’ approach to addressing complex challenges. 

SPAN embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. 

We’re hiring talented individuals who are driven by success and are passionate about shaping the future of renewable energy. If that sounds like you, we’d love for you to consider joining the rapidly growing team at SPAN.

The Perks:

⚡ Competitive compensation + equity grants at a well-funded, venture-backed company

⚡ Comprehensive benefits: 100% employee premiums for base plans on medical, dental, vision with options for additional coverage. Parental leave up to twenty-four (24) weeks depending on eligibility

⚡ Comfortable, sunny office space located near BART and Caltrain public transit

⚡ Strong focus on team building and company culture: Employee Resource Groups, monthly social events, SPANcakes recognition breakfast, lunch and learns

⚡ Flexible hours, one holiday per month, and flexible time off

 

Interested in joining our team? Apply today and we’ll be in touch with the next steps!

Frequently Asked Questions

What is the salary for the Sr. Offensive Security Engineer role at span?
The listed salary for this Sr. Offensive Security Engineer position at span is USD 138K–184K/yr. This is a full-time role.
Where is the Sr. Offensive Security Engineer position at span located?
This Sr. Offensive Security Engineer role at span is based in San Francisco. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Is the Sr. Offensive Security Engineer role at span full-time or part-time?
This is listed as a full-time position. It is posted as a Sr. Offensive Security Engineer role in the Security department at span.
Which team or department does the Sr. Offensive Security Engineer at span belong to?
This Sr. Offensive Security Engineer position is part of the Security department at span. See the full job description for more information about the team structure and responsibilities.
How do I apply for the Sr. Offensive Security Engineer position at span?
Click the "Apply Now" button on this page. You will be redirected to span's official application portal hosted on Ashby, where you can submit your application directly.
When was the Sr. Offensive Security Engineer job at span posted?
This Sr. Offensive Security Engineer position at span was posted on Jun 3, 2026. Apply as soon as possible — early applications are often reviewed first.