Engineer I (Offensive Security), Information Security Assurance & Response

Merrick Bank employees share in our mission to delight our customers and empower underserved consumers to achieve their credit goals. In return, we delight our associates; ensuring they are noticed, heard, appreciated and understand the importance of their role(s). For over 20 years, our Guiding Principles of; doing the right thing, putting the customer first, and Earn, Learn, Have Fun (aka E.L.F.), have defined who we are as an Employer of Choice. Give Yourself Credit, Work at Merrick!

Position Summary :

The Offensive Security Engineer I operates, monitors, and improves information security processes and systems that protect the Bank's data, customers, and computer systems from business disruption, data / identity compromise, cyber fraud, and regulatory criticism. This role focuses on application and development security, application penetration testing capabilities, and cloud infrastructure / platform security.

Essential Functions :

Key Offensive Security responsibilities include :

• Conducting Red Team Exercises to simulate Advanced Persistent Threats (APTs) against web, mobile, and cloud-based applications to identify security weaknesses and assess the effectiveness of security controls.
• Perform in-depth manual and automated penetration testing against Cloud and On Prem Networks and applications to discover vulnerabilities and weaknesses that could be exploited.
• Work with development teams to identify potential security threats early in the software development lifecycle (SDLC) and provide recommendations to mitigate risks.
• Develop and enhance tools, scripts, and frameworks to automate testing and reporting processes, including setting up continuous integration (CI) security checks.
• Document findings in detailed, actionable reports for both technical and non-technical stakeholders. Communicate effectively with developers, engineers, and executive leadership on remediation strategies.
• Collaborate with Blue Team (defensive security), DevOps, and engineering teams to improve detection and response capabilities.
• Stay updated on the latest security threats, vulnerabilities, and exploits, and apply this knowledge to enhance Red Team operations.

Each Security Engineer is also responsible to cross-train and be familiar with other security functions as assigned :

Compliance with Laws & Regulations :

Education and Experience :

Summary of Qualifications :

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location. Our benefits offerings include medical, dental, vision, life insurance, 401(k) plan with company match, paid vacation time, sick time, as well as other benefits and programs to meet the needs of our employees. Further details will be shared during the interview or offer process, as appropriate and applicable.

We are an equal opportunity employer, and we evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status or any other legally protected characteristic. We will conduct a thorough background check for all hires in compliance with applicable law which includes (but may not be limited to) a review of factors including drug testing and employment / personal references.

Other details

Apply Now