Senior Security Assessment Engineer - Offensive Security
Indexed description
Senior Security Engineer - Vulnerability and Assessment
Position Overview
Our Cybersecurity organization is responsible for identifying emerging threats, uncovering vulnerabilities, and strengthening security defenses across a complex enterprise environment.
We are seeking a Senior Offensive Security & Vulnerability Assessment Engineer to join our team and help proactively identify security weaknesses before they can be exploited by malicious actors. This role will focus on offensive security techniques, vulnerability assessments, penetration testing, threat modeling, and security testing methodologies to evaluate and improve the organization's overall security posture.
The ideal candidate is someone who thinks like an attacker but operates as a trusted security advisor — someone who enjoys uncovering weaknesses, validating risks, analyzing attack paths, and partnering with technology teams to drive meaningful security improvements.
This is a highly technical role for an experienced cybersecurity professional with hands-on experience performing security assessments, ethical hacking activities, and vulnerability analysis.
Key Responsibilities
- Perform offensive security assessments, penetration testing, vulnerability assessments, and security reviews across enterprise applications, infrastructure, and technology environments.
- Identify, validate, and analyze vulnerabilities by leveraging attacker techniques, exploitation methodologies, and security testing frameworks.
- Conduct security testing activities including network assessments, web application testing, adversary simulation, and threat modeling.
- Evaluate attack paths and determine potential business impact associated with identified vulnerabilities.
- Utilize offensive security tools and methodologies to identify weaknesses before they can be exploited by real-world threat actors.
- Develop detailed assessment reports outlining vulnerabilities, exploitation techniques, risk severity, and recommended remediation strategies.
- Partner with security engineering, infrastructure, application development, and technology teams to communicate findings and support remediation efforts.
- Analyze emerging threats, vulnerabilities, and attacker techniques to improve security defenses.
- Support the development and enhancement of security testing processes, methodologies, and capabilities.
- Participate in incident investigations and provide expertise related to attack techniques, exploitation methods, and threat actor behavior.
- Mentor less experienced security professionals and contribute technical expertise across the security organization.
Required Qualifications
- Bachelor’s degree in cybersecurity, information technology, computer science, or related field, or equivalent combination of education and experience.
- 5+ years of cybersecurity experience with significant hands-on experience in offensive security, penetration testing, vulnerability assessments, or security consulting.
- Demonstrated experience performing security assessments and identifying exploitable vulnerabilities.
- Strong understanding of attack techniques, vulnerability exploitation, and adversary tactics.
- Experience with one or more of the following areas:
- Penetration testing
- Web application security testing
- Network security assessments
- Vulnerability analysis
- Threat modeling
- Adversary simulation
- Ethical hacking
- Ability to translate technical vulnerabilities into clear business risks and actionable remediation recommendations.
- Strong communication skills with the ability to collaborate with technical teams and business stakeholders.
Preferred Qualifications
- Offensive Security certifications such as:
- OSCP (Offensive Security Certified Professional)
- OSWE (Offensive Security Web Expert)
- OSEP (Offensive Security Experienced Professional)
- GIAC certifications
- Certified Ethical Hacker (CEH)
- Experience with offensive security and assessment tools such as:
- Burp Suite
- Metasploit
- Nmap
- Kali Linux
- BloodHound
- Nessus / Tenable
- Qualys
- Rapid7
- Cobalt Strike
- Experience with scripting or automation using:
- Python
- PowerShell
- Bash
- Experience working in cybersecurity consulting, penetration testing, red team, or security assessment environments.
**Sponsorship is not being offered for this role***
Can be based in either Philadelphia, PA, Charlotte, NC or Dallas, TX and able to work in a hybrid work model
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search