Posted at: 20 April

Offensive DevSecOps Engineer

Company

Logitech

Logitech is a Lausanne-based Swiss multinational specializing in personal computer peripherals and software, operating in the gaming and enterprise sectors as a B2B and B2C company with a global market reach.

Remote Hiring Policy:

Logitech embraces a hybrid work model, allowing employees to work remotely from various locations while also supporting in-office collaboration. Team members are located across Europe, Asia, Oceania, and the Americas, fostering a diverse and inclusive work environment.

Job Type

Full-time

Allowed Applicant Locations

India

Job Description

Logitech is the Sweet Spot for people who want their actions to have a positive global impact while having the flexibility to do it in their own way.

About the Role

Logitech's security team is evolving the way it tests, validates, and automates security across a complex and diverse product ecosystem.

As an Offensive DevSecOps Engineer, you will be responsible for building the tooling, automation, and testing strategies that keep Logitech's security posture continuously validated. You will develop custom security tools, integrate security into CI/CD pipelines, and conduct offensive testing across web applications, APIs, and cloud infrastructure.

A core part of this role is building out an AI-assisted security testing strategy using modern AI models to scale code review, automate vulnerability triage, and enhance offensive testing workflows in ways that traditional tooling alone cannot achieve.

You will work closely with the Product Security Architect and engineering teams, translating architectural security requirements into practical validation and ensuring that what is designed securely is also tested thoroughly.

What You Will Do

Security Tool Development & Deployment

- Design, build, and maintain custom security automation frameworks, tooling, and integrations that scale the team's testing capabilities far beyond what off-the-shelf solutions can offer
- Own the deployment, maintenance, and continuous improvement of the security team's internal tooling infrastructure
- Develop automation that turns manual, repetitive security tasks into scalable, repeatable processes

AI-Assisted Security Testing Strategy

- Build and own Logitech's AI-assisted security testing strategy — integrating models such as Opus 4.6 into CI/CD pipelines for context-aware automated code review, intelligent SAST/DAST triage, and vulnerability discovery at scale
- Develop AI-powered offensive testing workflows, including automated payload generation, fuzzing, and LLM red teaming for Logitech's generative AI features (e.g., testing for prompt injection, jailbreaking, and insecure output handling)
- Continuously evolve the strategy to cover emerging vulnerability classes, particularly those introduced by AI integrations

CI/CD Pipeline Security

- Integrate security controls natively into CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent), ensuring SAST, DAST, SCA, and secrets detection are embedded directly into developer workflows
- Design pipeline thresholds and feedback mechanisms that provide developers with actionable, low-noise security signals without becoming a bottleneck to delivery
- Own the ongoing tuning and optimization of automated security checks to minimize false positives and maximize signal quality

Offensive Operations

- Conduct targeted internal penetration tests across web applications, APIs, and cloud infrastructure to validate the architectural standards defined by the Security Architect
- Perform vulnerability validation and proof-of-concept development to accurately assess and communicate real-world exploitability and business impact

External Security Program Management

- Act as the technical lead for all external security testing engagements — defining scopes, reviewing methodologies, and validating findings from third-party penetration testing firms
- Manage Logitech's bug bounty program: triage incoming reports, validate exploitability, communicate with researchers, and drive remediation workflows

What You Bring

Experience

- 5+ years in Offensive Security, DevSecOps, Security Engineering, or a closely related role
- Demonstrated experience building and deploying security automation tools in a production engineering environment
- Hands-on penetration testing experience across web applications, APIs, and cloud infrastructure

Technical Skills

- Strong coding and scripting proficiency in one or more languages (Python, Go, Bash) specifically applied to security tooling and automation development
- Deep experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, or equivalent) and integrating SAST, DAST, and SCA tooling into developer pipelines
- Solid offensive security skills: web application and API exploitation, authentication bypass, cloud misconfigurations, privilege escalation
- Familiarity with vulnerability management platforms and bug bounty triage workflows
- Working knowledge of cloud security (AWS, GCP, or Azure): IAM misconfigurations, exposed services, IaC scanning

AI & Modern Security Practices

- Practical experience integrating AI or LLM tools into security workflows — whether for code analysis, automated triage, payload generation, or offensive testing
- Understanding of LLM and generative AI attack surfaces: prompt injection, jailbreaking, insecure output handling, and model abuse (OWASP LLM Top 10)

Across Logitech we empower collaboration and foster play. We help teams collaborate/learn from anywhere, without compromising on productivity or continuity so it should be no surprise that most of our jobs are open to work from home from most locations. Our hybrid work model allows some employees to work remotely while others work on-premises. Within this structure, you may have teams or departments split between working remotely and working in-house.

Logitech is an amazing place to work because it is full of authentic people who are inclusive by nature as well as by design. Being a global company, we value our diversity and celebrate all our differences. Don’t meet every single requirement? Not a problem. If you feel you are the right candidate for the opportunity, we strongly recommend that you apply. We want to meet you!

We offer comprehensive and competitive benefits packages and working environments that are designed to be flexible and help you to care for yourself and your loved ones, now and in the future. We believe that good health means more than getting medical care when you need it. Logitech supports a culture that encourages individuals to achieve good physical, financial, emotional, intellectual and social wellbeing so we all can create, achieve and enjoy more and support our families. We can’t wait to tell you more about them being that there are too many to list here and they vary based on location.

All qualified applicants will receive consideration for employment without regard to race, sex, age, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

If you require an accommodation to complete any part of the application process, are limited in the ability, are unable to access or use this online application process and need an alternative method for applying, you may contact us toll free at +1-510-713-4866 for assistance and we will get back to you as soon as possible.