Offensive Security Specialist (Red Team)

Who we are is what we do.

Deel is the all-in-one payroll and HR platform for global teams. Our vision is to unlock global opportunity for every person, team, and business. Built for the way the world works today, Deel combines HRIS, payroll, compliance, benefits, performance, and equipment management into one seamless platform. With AI-powered tools and a fully owned payroll infrastructure, Deel supports every worker type in 150+ countries—helping businesses scale smarter, faster, and more compliantly.

Among the largest globally distributed companies in the world, our team of 7,000 spans more than 100 countries, speaks 74 languages, and brings a connected and dynamic culture that drives continuous learning and innovation for our customers.

Why should you be part of our success story?

As the fastest-growing Software as a Service (SaaS) company in history, Deel is transforming how global talent connects with world-class companies – breaking down borders that have traditionally limited both hiring and career opportunities. We're not just building software; we're creating the infrastructure for the future of work, enabling a more diverse and inclusive global economy. In 2024 alone, we paid $11.2 billion to workers in nearly 100 currencies and provided healthcare and benefits to workers in 109 countries—ensuring people get paid and protected, no matter where they are.

Our momentum is reflected in our achievements and customer satisfaction: CNBC Disruptor 50,  Forbes Cloud 100, Deloitte Fast 500, and repeated recognition on Y Combinator’s top companies list – all while maintaining a 4.83 average rating from 15,000 reviews across G2, Trustpilot, Captera, Apple and Google.

Your experience at Deel will be a career accelerator. At the forefront of the global work revolution, you'll tackle complex challenges that impact millions of people's working lives. With our momentum—backed by a $17.3 billion valuation and $1 B in Annual Recurring Revenue (ARR) in just over five years—you'll drive meaningful impact while building expertise that makes you a sought-after leader in the transformation of global work.

About the Role:

Deel is seeking a highly skilled Offensive Security Specialist with deep experience in web, mobile, network, infrastructure, and cloud penetration testing, as well as designing and executing end-to-end red and purple team engagements. In this role, you will craft and execute offensive security initiatives that continually challenge our defenses. This role isn't your typical penetration testing job - it's an opportunity to engage broadly and deeply, devise innovative attack emulations, work in close partnership with the blue team, engineering, and influence strategic security improvements across the organization.

The primary focus of this position is on continuously testing the security of our products. These systems are high-value targets because they are rapidly evolving and present large, diverse attack surfaces. You will play a crucial role in securing our web and mobile applications by hunting vulnerabilities that emerge from the complex interactions between applications and the infrastructure that powers them. You'll have the chance to not only find vulnerabilities, but also actively drive their remediation, automate offensive techniques using cutting-edge technologies, and leverage your unique attacker perspective to shape our security strategy.

Responsibilities:

• Perform comprehensive penetration testing on our diverse suite of products and services to uncover security flaws before adversaries can exploit them.

• Design and execute adversary emulation engagements aligned with the MITRE ATT&CK framework and real-world tactics, techniques, and procedures (TTPs) to ensure our simulations mirror actual threat actors.

• Continuously hunt for vulnerabilities across our web and mobile applications, as well as within our underlying infrastructure and cloud environments, proactively identifying security vulnerabilities.

• Perform specialized penetration testing on AI-based systems and platforms, evaluating the security of machine learning applications and related technologies for novel vulnerabilities.

• Conduct targeted cyber threat intelligence research to inform offensive operations, ensuring that red team scenarios are based on current and relevant threat actor behaviors and support investigations.
  Design and execute phishing campaigns and other social engineering exercises to test and improve organizational awareness and resilience against human-focused attacks.

• Develop custom exploits, tools, and automation to enhance red team operations, enabling more efficient and stealthy attack simulations and the ability to bypass advanced security controls.

• Conduct purple team operations that simulate realistic attack scenarios to test our organization’s detection and response capabilities.

• Partner with defensive security and engineering teams to translate findings into measurable security improvements - Enhancing detection, response, and mitigation capabilities; driving timely remediation through robust fixes and delivering clear, actionable communications that articulate risk, impact, and required change.

• Influence the organization’s security strategy by providing attacker-minded insight into risk assessment and threat modeling, helping to reprioritize security initiatives based on real-world attack trends.

• Contribute to the continuous improvement of the offensive security program, refining our red team methodologies, playbooks, and tools, and mentoring others in advanced attack techniques.

Qualifications:

• 5+ years of hands-on experience in Red Teaming, Offensive Security, or Penetration Testing (or exceptional accomplishments that demonstrate equivalent expertise).

• Deep expertise in offensive security operations within modern and cutting-edge technology environments, with a history of simulating sophisticated threats against complex systems.

• Experience designing, developing, or assessing the security of a wide range of systems, including web and mobile applications, network and cloud infrastructure, microservices, and AI-powered platforms.

• Demonstrated mastery in evaluating complex technology stacks, including containerized and Kubernetes environments, CI/CD pipelines, various operating systems, cutting-edge technologies, and AI-powered platforms and systems.

• Strong understanding of trust boundaries and dynamic risk assessment, with the intuition to identify where security assumptions break down in complex, evolving architectures.

• Coding and scripting skills, with the ability to develop robust custom tools and automation to support offensive operations.

• Ability to communicate complex technical concepts to diverse audiences effectively, including through compelling storytelling and narrative techniques to convey the implications of security issues.

• Proven track record of not only discovering critical vulnerabilities but also driving their remediation, contributing fixes or mitigation strategies in complex codebases.

Helpful points:

• Prior experience in fast-paced technology environments, demonstrating adaptability and broad exposure to modern development practices, including cutting-edge technology.

• Ability to learn and adapt quickly to new languages, frameworks, and technologies, staying effective in ever-changing technical landscapes.

• Experience supporting security incident investigations and contributing threat intelligence insights, showing an ability to connect offensive findings to real-world threats and inform defensive strategies.

• Strong communication skills with the ability to translate technical findings into business risks, effectively articulating why a vulnerability matters in terms of impact and urgency.

• Familiarity with AI systems and their security considerations, or a background in AI/machine learning, is a plus given our use of advanced AI technologies.

• Relevant security certifications (e.g., OSCP, OSCE, OSEP, GIAC GPEN/GXPN, etc.) are a plus, indicating a solid foundational knowledge and commitment to the offensive security field.

Total Rewards

Our workforce deserves fair and competitive pay that meets them where they are. With scalable benefits, rewards, and perks, our total rewards programs reflect our commitment to inclusivity and access for all. 

Some things you’ll enjoy

• Stock grant opportunities dependent on your role, employment status and location

• Additional perks and benefits based on your employment status and country

• The flexibility of remote work, including optional WeWork access

At Deel, we’re an equal-opportunity employer that values diversity and positively encourage applications from suitably qualified and eligible candidates regardless of  race, religion, sex, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, pregnancy or maternity or other applicable legally protected characteristics.

Unless otherwise agreed, we will communicate with job applicants using Deel-specific emails, which include @deel.com and other acquired company emails like @payspace.com and @paygroup.com. You can view the most up-to-date job listings at Deel by visiting our careers page.

Deel is an equal-opportunity employer and is committed to cultivating a diverse and inclusive workplace that reflects different abilities, backgrounds, beliefs, experiences, identities and perspectives.

Deel will provide accommodations on request throughout the recruitment, selection and assessment process for applicants with disabilities. If you require accommodations, please inform our Talent Acquisition Team via this link and a team member will be in touch to ensure your equal participation. If you have difficulty accessing the form, please email at recruiting@deel.com.

We use Covey as part of our hiring and/or promotional processes. As part of the evaluation process, we provide Covey with job requirements and candidate-submitted applications. Certain features of the platform may qualify it as an Automated Employment Decision Tool (AEDT) under applicable regulations. For positions in New York City, our use of Covey complies with NYC Local Law 144.

We began using Covey Scout for Inbound on March 30, 2025.

For more information about our data protection practices, please visit our Privacy Policy. You can review the independent bias audit report covering our use of Covey here: https://getcovey.com/nyc-local-law-144