Offensive Security Specialist (Red Team) in London

Who we are is what we do. Deel is the all-in-one payroll and HR platform for global teams. Our vision is to unlock global opportunity for every person, team, and business. Built for the way the world works today, Deel combines HRIS, payroll, compliance, benefits, performance, and equipment management into one seamless platform. With AI-powered tools and a fully owned payroll infrastructure, Deel supports every worker type in 150+ countries—helping businesses scale smarter, faster, and more compliantly.

About the Role:

Deel is seeking a highly skilled Offensive Security Specialist with deep experience in web, mobile, network, infrastructure, and cloud penetration testing, as well as designing and executing end-to-end red and purple team engagements. In this role, you will craft and execute offensive security initiatives that continually challenge our defenses. This role isn’t your typical penetration testing job - it’s an opportunity to engage broadly and deeply, devise innovative attack emulations, work in close partnership with the blue team, engineering, and influence strategic security improvements across the organization.

The primary focus of this position is on continuously testing the security of our products. These systems are high-value targets because they are rapidly evolving and present large, diverse attack surfaces. You will play a crucial role in securing our web and mobile applications by hunting vulnerabilities that emerge from the complex interactions between applications and the infrastructure that powers them. You’ll have the chance to not only find vulnerabilities, but also actively drive their remediation, automate offensive techniques using cutting-edge technologies, and leverage your unique attacker perspective to shape our security strategy.

Responsibilities:

• Perform comprehensive penetration testing on our diverse suite of products and services to uncover security flaws before adversaries can exploit them.
• Design and execute adversary emulation engagements aligned with the MITRE ATT&CK framework and real-world tactics, techniques, and procedures (TTPs) to ensure our simulations mirror actual threat actors.
• Continuously hunt for vulnerabilities across our web and mobile applications, as well as within our underlying infrastructure and cloud environments, proactively identifying security vulnerabilities.
• Perform specialized penetration testing on AI-based systems and platforms, evaluating the security of machine learning applications and related technologies for novel vulnerabilities.
• Conduct targeted cyber threat intelligence research to inform offensive operations, ensuring that red team scenarios are based on current and relevant threat actor behaviors and support investigations.
• Design and execute phishing campaigns and other social engineering exercises to test and improve organizational awareness and resilience against human-focused attacks.
• Develop custom exploits, tools, and automation to enhance red team operations, enabling more efficient and stealthy attack simulations and the ability to bypass advanced security controls.
• Conduct purple team operations that simulate realistic attack scenarios to test our organization’s detection and response capabilities.
• Partner with defensive security and engineering teams to translate findings into measurable security improvements.
• Influence the organization’s security strategy by providing attacker-minded insight into risk assessment and threat modeling.
• Contribute to the continuous improvement of the offensive security program, refining our red team methodologies, playbooks, and tools, and mentoring others in advanced attack techniques.

Qualifications:

• 5+ years of hands-on experience in Red Teaming, Offensive Security, or Penetration Testing.
• Deep expertise in offensive security operations within modern and cutting-edge technology environments.
• Experience designing, developing, or assessing the security of a wide range of systems, including web and mobile applications, network and cloud infrastructure, microservices, and AI-powered platforms.
• Demonstrated mastery in evaluating complex technology stacks, including containerized and Kubernetes environments, CI/CD pipelines, various operating systems, cutting-edge technologies, and AI-powered platforms and systems.
• Strong understanding of trust boundaries and dynamic risk assessment.
• Coding and scripting skills, with the ability to develop robust custom tools and automation to support offensive operations.
• Ability to communicate complex technical concepts to diverse audiences effectively.
• Proven track record of not only discovering critical vulnerabilities but also driving their remediation.

Helpful points:

• Prior experience in fast-paced technology environments.
• Ability to learn and adapt quickly to new languages, frameworks, and technologies.
• Experience supporting security incident investigations and contributing threat intelligence insights.
• Strong communication skills with the ability to translate technical findings into business risks.
• Familiarity with AI systems and their security considerations is a plus.
• Relevant security certifications (e.g., OSCP, OSCE, OSEP, GIAC GPEN/GXPN, etc.) are a plus.

Total Rewards:

Our workforce deserves fair and competitive pay that meets them where they are. With scalable benefits, rewards, and perks, our total rewards programs reflect our commitment to inclusivity and access for all.

At Deel, we’re an equal-opportunity employer that values diversity and positively encourages applications from suitably qualified and eligible candidates regardless of race, religion, sex, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, pregnancy or maternity or other applicable legally protected characteristics.