Global Security Engineer Offensive Operations (Remote or Onsite)
Indexed description
In this role, the successful candidate will collaborate closely with other Global Information Security team members, both in offensive operations and collaborative purple-team scenarios involving the SOC. This collaboration will involve testing the company’s defenses, assisting in planning exercises, and guiding the overall approach to mitigating risk and addressing security gaps.
Responsibilities And Duties
- Perform security reviews of enterprise systems, applications, and networks in coordination with local technology and security teams to ensure effective application of security controls
- Evaluate systems and security processes to identify vulnerabilities, misconfigurations, and exploitation vectors
- Participate in and support vulnerability management processes
- Manage projects, holding teams and team members accountable
- Conduct production-safe exploitation of suspected software and hardware vulnerabilities to demonstrate business impact
- Perform periodic network traffic analysis
- Plan and develop penetration test methodologies, automations, and schedules
- Create reports and remediation recommendations based on findings
- Present findings and risks to both technical and non-technical audiences
- Provide business and data intelligence to support threat analysis
- Consume and triage cyber threat intelligence to provide current industry-related risk context
- Collaborate with business and technology managers to improve data protection processes and procedures
- Engage with vendors and third parties in security testing development and execution
- Manage and review attack surface, assigning and delegating remediation actions to the Business
- Participate effectively in data governance and risk compliance planning
- Raise incidents involving potential data loss or threats to data
- Report and provide metrics to support program objectives
- Minimum 5 years of work experience in penetration testing & application security testing
- Strong understanding of Linux and Windows administration
- Experience in performing security assessments using common offensive security tools such as: Metasploit, NetExec, Impacket, Nmap, Burpsuite, Pretender, etc.
- Knowledge of command-and-control technologies and overlay networking
- Experience in crafting spear-phishing playbooks and initial access packages
- Proficiency in PowerShell, Perl, Ruby, Python, Go, Rust, Java, or other language(s) to create penetration testing solutions
- Foundational knowledge of, and experience with, administering enterprise-level Information Technology systems including networks, virtualization, cloud, operating systems, Active Directory, etc.
- Experience with Attack Surface Management tools and processes
- Ability to work both independently and as part of a small, distributed team
- Experience in Breach/Attack simulations and tabletop exercises
- Flexibility to work outside regularly scheduled/normal business hours as required
- Commitment to security training and earning corresponding certifications
- Highly motivated and self-directed
- Excellent verbal and written communication skills
- Passion for solving complex problems and a drive for continuous learning
- Ability to prioritize, schedule and track to deadlines
- Required: Degree in a related field or at least 5 years relevant professional experience
- Desired: Technical professional security certification such as OSCP, GPEN, or similar
- US Person as defined under EAR PART 772 AND ITAR 120.15
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search