Offensive Security Lead

We are Duo, and we’re here to democratize security for everyone. Our mission is to protect the mission of our customers like Facebook, Twitter, and Etsy by making security simple. We’re a diverse crew of makers and builders, skaters and coders, filmmakers and DJs, teachers and students brought together by a shared belief in adding value to the world. This diversity allows us to bring an empathetic approach to solve some of the most complex global business and security challenges we face today.

What you’ll do…

  • Develop and mature the Offensive Security program at Duo in cooperation with cross-organizational stakeholders and partners.
  • Execute against three core deliverable areas:
    • Security Cartography (situational awareness, discovery)
    • Pentesting (Goal-oriented, in cooperation with our AppSec and CloudSec teams)
    • Red Team Ops
  • Collaborate with the Corporate Security teams to improve hardening and monitoring capabilities.
  • Support the Application Security team in pentests where appropriate.
  • Work directly with partners in IT and Production Engineering to identify and track changes in Duo’s risk profile.

Skills you have…

  • You can successfully build and maintain cross-functional relationships.
  • Significant penetration testing experience and offensive capabilities in numerous core competency areas including web applications, networks, infrastructure (cloud and on-prem), native applications, mobile applications.
  • Ability to develop bespoke tooling to solve new needs (Python preferred).
  • You are comfortable in a self-driven environment where, given a high-level goal, you can task out a path to success and execute accordingly.

Reasons why you should apply…

  • You are passionate about helping people fix the problems you find.
  • Breaking things is fun, but making things safer is more fun.
  • Purple is your favorite color - you thrive off of collaboration with blue teams.
  • You are looking for an opportunity to have significant ownership over a critical functional area within a security program.

This job may not be for you if...

  • Your interest and experience is scoped to application security. Keep an eye out for job postings on our AppSec team at
  • You are interested in risk management, but lack technical depth and pentesting skills. Take a look at our compliance postings at
  • Your work ends after the touchdown dance and/or report. We need someone who is personally invested in engaging directly with the IT and product teams tasked to fix issues over the long-term.

Meet Some of Duo Security's Employees

Joni B.

Account Executive, Mid Market

As an account executive, Joni is responsible for growing new business, as well as developing and expanding within the mid-market segment by building solid, trustworthy relationships with customers.

Olabode A.

Research & Development Engineer

Olabode is part of a new team that performs data analysis and product prototyping, discovering new technologies to see how they can be rolled into the products.

Back to top