Red Team Offensive Security Engineer

Company Description

Axiado is an AI-enhanced security processor company redefining the control and management of every digital system. The company was founded in 2017, and currently has 150+ employees. At Axiado, developing great technology takes more than talent: it takes amazing people who understand collaboration, respect each other, and go the extra mile to achieve exceptional results. It takes people who have the passion and desire to disrupt the status quo, deliver innovation, and change the world. If you have this type of passion, we invite you to apply for this job.

Job Description

We are seeking a hands-on Red Team Offensive Security Engineer to join our team. This is a unique and challenging opportunity to act as a true adversary, performing deep-dive source code review, static analysis, fuzzing and exploit development/simulation for Axiado’s complex BMC (Baseboard Management Controller) platform and the ecosystem. If you have a passion for breaking sophisticated systems and uncovering zero-day vulnerabilities, we want to hear from you. 

Qualifications

Essential Skills

• Offensive Security Expertise: You have 3+ years of hands-on experience in offensive security. 
• Code Review and Static Code Analysis (Mandatory skill): You have proven fluency in studying and dissecting C and C++ code to find security vulnerabilities in Linux user space and firmware. You also have proficiency in static code analysis tools. 
• Advanced Fuzzing: You have extensive, practical experience with fuzzing user-space C/C++ applications, as well as embedded systems like BMC, firmware, and network protocols. You are proficient with tools like AFL++ and other related fuzzing frameworks. 
• Dynamic Analysis : You have experience with different dynamic analysis methods like runtime analysis and behavioral analysis. 
• Offensive Security Methodology: You have proven ability and practical experience executing the full kill chain—from reconnaissance and initial access to persistence, lateral movement, and data exfiltration. 
• Specialized Domain Knowledge: You have a strong understanding of BMC firmware and the openBMC environment, including protocols like MCTP, Redfish, and dBus. 
• Core Languages: You have strong knowledge of C, C++, Python, and Linux shell programming. 
• Vulnerability & Exploit Development: You have a proven ability to identify vulnerabilities and develop custom exploits. 

Highly Valued Skills

• Experience with lateral movement attack research and simulation, especially from a BMC to a host OS/GPU or other hardware in a server platform. 
• A deeper understanding of applied cryptography and common implementation mistakes within firmware, networking, and application layers. 

About You

• Creativity and Perseverance: The ability to think outside the box and maintain focus when facing complex challenges. 
• Communication: Excellent written and verbal communication skills to articulate highly technical concepts to both technical and executive audiences. 
• Ethics: An unwavering commitment to ethical hacking and strict adherence to a defined Rules of Engagement. 
• Flexibility: The willingness to adapt and perform different job roles as needed to meet team and organizational goals. 
• Education: A Bachelor's or Master's degree in Computer Science is required. 

Additional Information

Axiado is committed to attracting, developing, and retaining the highest caliber talent in a diverse and multifaceted environment. We are headquartered in the heart of Silicon Valley, with access to the world's leading research, technology and talent.

We are building an exceptional team to secure every node on the internet. For us, solving real-world problems takes precedence over purely theoretical problems. As a result, we prefer individuals with persistence, intelligence and high curiosity over pedigree alone. Working hard and smart, continuous learning and mutual support are all part of who we are.

Axiado is an Equal Opportunity Employer. Axiado does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.