Senior Offensive Cybersecurity Engineer

1. Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud, and third-party assets.
2. Conduct continuous discovery and vulnerability assessments of enterprise-wide assets.
3. Document, prioritize, and report asset and vulnerability status, along with remediation recommendations and validation.
4. Communicate vulnerability results effectively to technical and non-technical stakeholders, considering risk tolerance and business impact.
5. Procure and maintain tools and scripts used in asset discovery and vulnerability assessment.
6. Utilize vulnerability databases to understand weaknesses, likelihood, and remediation options, including vendor fixes and workarounds.
7. Perform tactical assessments involving social engineering, application security (web and mobile), physical security, lateral movement, threat analysis, and network architecture.
8. Develop and maintain tools and scripts for penetration testing and red team activities.
9. Support purple team exercises to enhance team collaboration and security posture.
10. Collaborate with the security operations center (SOC) to leverage intelligence, identify threats, and verify security measures.
11. Work with infrastructure teams to support remediation efforts and verify security improvements.
12. Continuously research new TTPs and assess risks to implement or validate controls.
13. Maintain an active database of third-party assets, vulnerabilities, remediation, and overall security posture.

• 5+ years in information security, offensive tactics, monitoring, and incident response.
• Proficient in scripting languages such as Python, PowerShell, Bash, and Ruby.
• Experience with testing frameworks and tools like Burp Suite, Cobalt Strike, Kali Linux, Nessus, and PowerShell Empire.
• Experience conducting penetration tests or red team engagements.
• Strong knowledge of operating systems (*nix, Windows, Mac) and networking protocols.
• Experience with vulnerability management solutions like Qualys, Nessus, Kenna Security, Tanium, and open source tools.
• Experience with system hardening and security best practices.
• Understanding of Windows and *nix OS, endpoint applications, networking, and cloud platforms (AWS, Azure, GCP) is preferred.
• Ability to perform organization-wide vulnerability scanning and remediation.
• Ability to maintain persistence within systems while avoiding detection.
• Familiarity with security technologies such as IPS/IDS, SIEM, firewalls, EPP, EDR, and UEBA.
• Knowledge of OWASP, MITRE ATT&CK framework, and SDLC.

Bachelor's degree in a related discipline or equivalent work experience.