Offensive Security Engineer
Vast
About the role
Position: Staff Offensive Security Engineer
At Vast, our mission is to contribute to a future where billions of people are living and thriving in space. Vast is developing next‑generation space stations to ensure a continuous human presence in space for America and its allies, enabling advanced microgravity research and manufacturing, and unlocking a new space economy for government, corporate, and private customers. Using an incremental, hardware‑rich and low‑cost approach, Vast is rapidly developing its multi‑module Haven Station.
Haven Demo’s 2025 success made Vast the only operational commercial space station company to fly and operate its own spacecraft. Next, Haven‑1 is expected to become the world’s first commercial space station when it launches, followed by additional Haven modules to enable permanent human presence by 2030. Our team is all‑in, committed to executing our mission safely and on time.
If you want to work with the most talented people on Earth furthering space exploration for humanity, come join us.
Location: Long Beach (full‑time, exempt)
Reporting to: Information Security Manager
Role Summary: Build out the team’s offensive security capabilities and support various teams to build cyber‑resilient applications and systems.
Responsibilities
- Stand up and scale Vast’s red team capability from inception, defining strategy, engagement models, tradecraft, and operational processes while executing adversary emulation across mission and corporate environments.
- Lead security research and assess the cyber resilience of Vast’s systems, applications, and mission‑critical products, identifying systemic risks before adversaries do.
- Architect and develop advanced adversary simulation tooling and methodologies to challenge security architecture, design decisions, and implementation controls.
- Partner closely with engineering, infrastructure, and security teams to drive remediation, influence secure design decisions, and strengthen long‑term defensive maturity.
Minimum Qualifications
- 5+ years of hands‑on experience in security research, penetration testing, or adversarial security engineering.
- Deep understanding of various operating systems, identity systems, and network protocols, with demonstrated experience identifying and exploiting weaknesses in complex enterprise or mission‑critical infrastructure.
- Proficiency in one or more programming languages (e.g., Python, Golang, Rust, C/C++).
- Experience with security research tools and frameworks (e.g., Kali Linux, Burp Suite, Metasploit).
- Experience assessing and exploiting AWS environments and cloud‑native architectures.
- Demonstrated ability to apply AI or machine learning concepts to augment red team capabilities in complex systems.
Preferred Skills & Experience
- Advanced technical certifications such as OSCP, OSEP, CRTO, CPTS, or equivalent demonstrable offensive security expertise.
- Experience designing agentic security automation or applied AI to enhance adversary simulation.
- Prior experience conducting offensive security assessments against space, aerospace, satellite, avionics, or other safety‑critical systems.
- Working knowledge of compliance frameworks such as NIST 800‑171, CMMC 2.0, DFARS 252.204‑7012, ITAR, and EAR, and the ability to operate effectively within regulated environments.
- Experience building or maturing offensive security capabilities within a fast‑paced startup or high‑growth environment.
Additional Requirements
- Ability to travel up to 10% of the time.
- Willingness to work overtime or weekends to support critical mission milestones.
Pay Range
- Senior Offensive Security Engineer: $143,500 – $203,700
- Staff Offensive Security Engineer: $158,100 – $226,900
Location: California
Overall Range: $143,500 – $226,900 USD
Compensation and Benefits
Base salary will vary depending on job‑related knowledge, education, skills, experience, business needs, and market demand. Salary is just one component of our comprehensive compensation package.