About Firebolt

Firebolt is a cloud data warehouse built for the speed, scale, and flexibility required by modern Data & AI applications. By delivering ultra-low latency, high concurrency, and multi-dimensional elasticity, Firebolt enables teams to build data-intensive AI products that perform at scale. Backed by over $270M in funding and led by a world-class engineering team and experienced leadership, Firebolt is redefining AI data infrastructure and helping companies unlock the full potential of their data.

Description:

At Firebolt, security is built into everything we do. As we scale our high-performance cloud data warehouse platform, we’re looking for an exceptional Offensive Security Engineer to join our Security Research team and proactively strengthen our product’s security posture.

You’ll play a critical role in developing advanced offensive tests, simulating real-world attacks, and integrating automated security workflows directly into our CI/CD pipelines. If you’re passionate about pushing the limits of offensive security and applying AI and LLMs to take things further—this is your chance to do just that.

Key Responsibilities:

• Perform comprehensive black-box and gray-box penetration tests on core product components including frontend UI, APIs, client-side drivers, and backend microservices.
• Build and maintain custom API fuzzers to identify logic flaws, crashes, and unexpected behaviors.
• Automate offensive tests and integrate them into CI/CD workflows for continuous validation.
• Apply AI/LLM techniques to enrich attack simulations, expand test coverage, and develop novel vectors.
• Document findings clearly with actionable countermeasures; collaborate with engineering teams on timely remediation.

• Strong experience with penetration testing of modern web apps and API frameworks (REST, gRPC, etc.).
• Deep understanding of browser security, client-side attacks, and mitigation strategies.
• Proficiency in Python or Golang with the ability to build robust offensive tooling.
• Experience with CI/CD pipeline security integrations.
• Familiarity with fuzzers (e.g., ffuf) and offensive tools like Burp Suite, OWASP ZAP.
• Practical exposure to at least one major cloud environment (AWS, GCP, Azure).
• Bonus: Experience using LLMs for offensive security tasks or research.