
Offensive DevSecOps Engineer

Logitech · Chennai, India
Full-time · On-site · 2w ago
Python, Go, AWS, Azure, GCP, CI/CD

Logitech is the Sweet Spot for people who want their actions to have a positive global impact while having the flexibility to do it in their own way.

About the Role

Logitech's security team is evolving the way it tests, validates, and automates security across a complex and diverse product ecosystem. As an Offensive DevSecOps Engineer, you will be responsible for building the tooling, automation, and testing strategies that keep Logitech's security posture continuously validated. You will develop custom security tools, integrate security into CI/CD pipelines, and conduct offensive testing across web applications, APIs, and cloud infrastructure.

A core part of this role is building out an AI-assisted security testing strategy using modern AI models to scale code review, automate vulnerability triage, and enhance offensive testing workflows in ways that traditional tooling alone cannot achieve.

You will work closely with the Product Security Architect and engineering teams, translating architectural security requirements into practical validation and ensuring that what is designed securely is also tested thoroughly.

What You Will Do

Security Tool Development & Deployment:
- Design, build, and maintain custom security automation frameworks, tooling, and integrations that scale the team's testing capabilities far beyond what off-the-shelf solutions can offer
- Own the deployment, maintenance, and continuous improvement of the security team's internal tooling infrastructure
- Develop automation that turns manual, repetitive security tasks into scalable, repeatable processes

AI-Assisted Security Testing Strategy:
- Build and own Logitech's AI-assisted security testing strategy - integrating models such as Opus 4.6 into CI/CD pipelines for context-aware automated code review, intelligent SAST/DAST triage, and vulnerability discovery at scale
- Develop AI-powered offensive testing workflows, including automated payload generation, fuzzing, and LLM red teaming for Logitech's generative AI features (e.g., testing for prompt injection, jailbreaking, and insecure output handling)
- Continuously evolve the strategy to cover emerging vulnerability classes, particularly those introduced by AI integrations

CI/CD Pipeline Security:
- Integrate security controls natively into CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent), ensuring SAST, DAST, SCA, and secrets detection are embedded directly into developer workflows
- Design pipeline thresholds and feedback mechanisms that provide developers with actionable, low-noise security signals without becoming a bottleneck to delivery
- Own the ongoing tuning and optimization of automated security checks to minimize false positives and maximize signal quality

Offensive Operations:
- Conduct targeted internal penetration tests across web applications, APIs, and cloud infrastructure to validate the architectural standards defined by the Security Architect
- Perform vulnerability validation and proof-of-concept development to accurately assess and communicate real-world exploitability and business impact

External Security Program Management:
- Act as the technical lead for all external security testing engagements - defining scopes, reviewing methodologies, and validating findings from third-party penetration testing firms
- Manage Logitech's bug bounty program: triage incoming reports, validate exploitability, communicate with researchers, and drive remediation workflows

What You Bring

Experience:
- 5+ years in Offensive Security, DevSecOps, Security Engineering, or a closely related role
- Demonstrated experience building and deploying security automation tools in a production engineering environment
- Hands-on penetration testing experience across web applications, APIs, and cloud infrastructure

Technical Skills:
- Strong coding and scripting proficiency in one or more languages (Python, Go, Bash) specifically applied to security tooling and automation development
- Deep experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, or equivalent) and integrating SAST, DAST, and SCA tooling into developer pipelines
- Solid offensive security skills: web application and API exploitation, authentication bypass, cloud misconfigurations, privilege escalation
- Familiarity with vulnerability management platforms and bug bounty triage workflows
- Working knowledge of cloud security (AWS, GCP, or Azure): IAM misconfigurations, exposed services, IaC scanning

AI & Modern Security Practices:
- Practical experience integrating AI or LLM tools into security workflows - whether for code analysis, automated triage, payload generation, or offensive testing
- Understanding of LLM and generative AI attack surfaces: prompt injection, jailbreaking, insecure output handling, and model abuse (OWASP LLM Top 10)

Across Logitech we empower collaboration and foster play. We help teams collaborate/learn from anywhere, without compromising on productivity or continuity so it should be no

