Contact
← Careers
OpenPosted Jun 5, 2026

Founding Offensive Security Engineer

Build and own our attack library: a collection of realistic, reproducible adversary techniques that allows organizations to continuously validate their security posture.

  • Den Bosch, NL
  • Hybrid
  • €4,000–€7,000 / month
  • Full-time
Apply now

At Offensys, we're building the platform that enables enterprise security teams to continuously validate their own defenses. We simulate real-world attacker tradecraft, so organizations don't have to guess whether or not they are secure. With Offensys, they know.

Our mission is simple: to enable our clients to stay ahead of the threat.

At the heart of that mission sits our attack library: a growing collection of realistic, reproducible adversary techniques that allows organizations to continuously validate their security posture against real-world threats.

We're looking for someone who wants to help build and own that foundation.

The Role

As Founding Offensive Security Engineer, you'll sit at the intersection of offensive security, threat intelligence, research, and engineering. You'll be responsible for turning real-world adversary behavior into high-quality attack simulations that help our customers understand their true resilience. You're comfortable implementing procedures ranging from simple scripts to complex, low-level native code that will be run in-memory, and can identify the best way to simulate a given technique while balancing realism, reliability, and development effort.

This is not a role for someone who wants to run the same assessments over and over again. You won't spend your days stitching together one-off exploits or writing reports that disappear into a drawer.

Instead, you'll build reusable offensive capabilities for a platform that can scale across hundreds of organizations. You'll help decide which techniques belong in our attack library, what we prioritize next, how we maintain quality, and how we stay aligned with an ever-evolving threat landscape.

Within a year, you'll be one of the key owners of the offensive knowledge and tradecraft that differentiates Offensys from everyone else.

What you'll do

Most offensive security roles focus on delivering engagements. This role focuses on building capability. Every technique you research, every simulation you create, and every improvement you make becomes part of a platform that helps organizations continuously validate their defenses. Rather than impacting a single assessment or client, your work will influence many security teams and thousands of security decisions.

Your responsibilities will be to:

  • Research emerging threats, adversary behavior, and threat intelligence reports.
  • Translate real-world TTPs into reliable, reproducible attack simulations.
  • Reproduce, analyze, and operationalize malware techniques and offensive tradecraft.
  • Identify the best way to simulate a procedure, ranging from PowerShell scripts to low-level, custom Beacon Object Files (BOFs).
  • Expand and maintain the Offensys attack library.
  • Continuously improve the quality, realism, and effectiveness of our simulations.
  • Build tooling and automation that accelerates research and content development.
  • Work closely with platform engineers to integrate offensive capabilities into the product.
  • Leverage customer feedback and real-world use cases to influence future development.

Who we're looking for

We're looking for someone with a genuine passion for offensive security and a deep curiosity about how attackers operate. Someone who can take a vague threat report, piece together the missing details, and transform it into a meaningful simulation that provides value to customers. You understand that offensive security is ultimately about helping defenders make better decisions. You are forward-thinking, embrace new technologies, and actively leverage AI and automation to increase your effectiveness while maintaining a high bar for quality and accuracy.

Ideally, you bring experience in one or more of the following areas:

  • Offensive security
  • Red teaming
  • Threat emulation
  • Malware development
  • Malware analysis
  • Reverse engineering
  • Detection engineering
  • Security research
  • Security tooling development

You're comfortable writing (low-level) code and building automations. You enjoy investigating how things work, breaking them apart, and turning that knowledge into reusable capabilities.

Experience with endpoint tradecraft, adversary emulation, platform development, or certifications such as OSCP, OSED, OSCE3, CRTO, or CRTL is valuable, but not required.

Open-source contributions, research projects, blog posts, conference talks, or publicly visible work tell us more than a CV full of buzzwords.

What we offer

  • Direct influence on and ownership of the content, quality, and direction of our attack library.
  • Close collaboration with the founders from day one.
  • A high degree of autonomy.
  • Time and freedom for research, experimentation, and innovation.
  • Access to and budget for modern development tooling, including the latest and greatest AI-assisted coding tools.
  • A competitive salary between €4,000 and €7,000 gross per month, depending on experience and profile.
  • 25 vacation days.
  • Hybrid working, with approximately two days per week at our office in Den Bosch (near Central Station).

You'll be one of the first offensive security hires at Offensys. That means you'll help shape not only the library, but also the engineering culture, technical standards, and ways of working that will define the company as it grows. If you're excited about building a category-defining security product and want to have an impact on its future, we'd love to hear from you.

How to apply

Use the application form below. Questions first? Reach out via [email protected].

Apply for this role

Tell us a bit about yourself and attach your CV and (if you like) a cover letter. PDF only, max 10 MB each.