Why This Job is Featured on The SaaS Jobs
Security roles in SaaS increasingly hinge on proactive validation, and an internal red team function sits at the center of that shift. This Lead, Internal Red Team position is featured because it reflects how modern SaaS and fintech platforms operationalize adversary simulation across cloud, identity, applications, and infrastructure rather than treating penetration testing as a periodic exercise. The remit signals a mature security program where offensive work is expected to influence how systems are built and monitored.
For a SaaS career, the standout value is exposure to security at scale and to the full loop from exploitability to remediation. The role emphasizes chaining vulnerabilities into realistic attack paths, mapping activity to MITRE ATT&CK, and producing reporting that lands with both engineers and executives. That combination builds durable SaaS skills: threat-informed testing, automation-minded assessment, and cross-functional translation of risk into engineering action.
This role is best suited to practitioners who prefer hands-on technical leadership and disciplined, repeatable operations over one-off assessments. It fits someone who enjoys collaborating with detection and response teams, iterating on scenarios based on threat intelligence, and communicating findings with clarity. It also aligns with candidates building a portfolio of write-ups, research, or internal reporting as evidence of offensive depth.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Do you want to take the first step in making Filipinos’ lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation! G ka ba? Join the G Nation today!
About the job
Do you want to help protect and shape the digital future of millions of Filipinos? At GCash, we operate at a massive scale in one of the most targeted industries in the world - financial services. To stay ahead, we don’t just react to threats; we actively simulate them.
We are looking for a Lead, Offensive Security Engineer to lead and execute advanced red team and offensive security operations. This role is for someone who thinks like an attacker, operates with discipline, and can translate technical findings into meaningful security improvements across the organization.
If you enjoy breaking things responsibly and influencing security strategy, not just running tools, this role is for you.
Key Responsibilities
Lead and execute red team and advanced penetration testing engagements that simulate real-world threat actors across applications, infrastructure, cloud, and identity environments
Identify, exploit, and chain vulnerabilities to demonstrate realistic attack paths and business impact
Design and improve adversary simulation scenarios aligned with real-world threat intelligence and the MITRE ATT&CK framework
Partner closely with blue team, security engineering, and security operations teams to improve detection, response, and overall security posture
Develop tooling, automation, or research to identify security weaknesses at scale and improve testing efficiency
Produce high-quality technical and executive-level reports, clearly communicating risk, impact, and remediation guidance
Stay ahead of emerging threats, techniques, and tooling, continuously evolving red team tradecraft
Preferred Qualifications
1-3 years of hands-on experience in red teaming, offensive security, advanced penetration testing
Proven track record of discovering impactful vulnerabilities, including complex or chained attack paths
Strong understanding of attacker tradecraft, including web, cloud, identity, and infrastructure attack vectors
Practical experience with adversary simulation and the MITRE ATT&CK framework
Ability to lead, mentor, and influence (this is a hands-on leadership role, not just an individual contributor position)
Strong written and verbal communication skills, with the ability to explain technical risk to both engineers and executives
-
At least one practical security certification, such as:
OSCP, OSEP, OSWE, OSED, OSWP, CRTO, CRTL, CRTP, CRTE, GRTP, CPTS, CWEE, CAPE
Candidates are encouraged to include write-ups, research, bug bounty findings, or internal/external reports demonstrating offensive security work.
What We Offer
The opportunity to help build and lead offensive security capabilities in the country’s #1 FinTech platform
Work alongside a highly skilled, collaborative, and mission-driven security team
Real impact - your work directly protects millions of users and high-value financial systems
A culture that values technical excellence, ownership, and continuous improvement
What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package
