Adversarial Engineer

Company Mission - Our mission is to help secure as many companies as possible, by using the best way of doing so, penetration testing. Sprocket Security prioritizes offensive security for enterprises, empowering them to build robust defense strategies based on individual business risk.

How - At Sprocket Security, we've built an expert-driven Continuous Penetration Testing platform that blends cutting-edge automated and manual testing methods.

Your Mission - You will be part of Sprocket Security’s R&D team, focused on building the adversarial capabilities that power our Continuous Penetration Testing platform. Your mission is to research, design, and deliver Task-as-Code attack automations and to prototype autonomous penetration testing systems.

This is a code-heavy, research-driven role. You will translate real-world adversary tactics into stable, reproducible attack logic that can safely operate across customer environments at scale. Success means delivering exploit capabilities that work reliably, minimize customer impact, and are suitable for production use.

You will collaborate closely with R&D, Service Delivery, Engineering, and Product Management to ensure new capabilities meet real operational needs and can be productized.

Responsibilities:

• Build and maintain Task-as-Code attack automations.
• Research and prototype autonomous and agent-based penetration testing systems.
• Develop exploits across multiple vulnerability classes (auth bypass, command injection, deserialization, SQLi, RCE, OWASP Top 10).
• Ensure exploit reliability, reproducibility, cleanup, and minimal customer impact.
• Translate emerging vulnerability research into production-ready capabilities.
• Write high-quality Python code following strong software development practices.
• Create and maintain Nuclei templates and custom exploitation logic.
• Use containers (Docker) to deliver consistent execution environments.
• Collaborate with Service Delivery on requirements and real-world validation.
• Partner with Engineering to hand off prototypes for platform integration.
• Work with Product Management in an agile, sprint-based process.

Requirements:

Minimum:

• Experience in red teaming, exploit development, or adversarial capability development.
• Strong, hands-on Python development experience.
• Experience building security automation frameworks.
• Proven exploitation of multiple vulnerability classes across different stacks.
• Familiarity with penetration testing and red team methodologies.
• Experience with git-based workflows and modern software development practices.
• Experience working with containers (Docker).
• Ability to read and understand multiple programming languages.
• Experience testing or operating at scale.
• Familiarity with modern cloud environments.
• Ability to work independently and execute with minimal supervision.
• Clear written and verbal communication skills.
• United States resident.

Preferred:

• Hands-on experience with Nuclei, Metasploit, and related tools.
• OSCP or equivalent hands-on skill level.
• Exposure to autonomous or agentic systems.
• Open-source contributions or published security research.

Benefits: 

• Unlimited and mandatory PTO for healthy work/life balance.
• Company matched 401k (immediate eligibility, no one should have to wait to start saving).
• 75% company contribution for health insurance for employees and 50% for dependants.
• 100% company contribution for dental and vision.
• Work whatever schedule works best for you. We care about results, not 9-5.
• Hardware and tools of your choice
• Support for your career development with paid training, conferences, certifications, etc. 

Location: Remote, but resides in the US.