Offensive Red Team Security Engineer (Remote, EST or CST)

Piper Companies is seeking a Red Team Offensive Security Engineer for an award-winning, publicly traded worldwide Information Technology Organization. The Red Team Offensive Security Engineer will focus on reverse engineering, penetration testing, and security assessments of all products within the tech stack.

1. Objective Setting: Define the business context, scope, and objectives of the engagement, aligning the Red Team’s success criteria with the organization’s goals.
2. Reconnaissance and Threat Modeling: Gather extensive information about the target, such as IP ranges, domain names, and employee details. Use frameworks like MITRE ATT&CK to model potential threats and assess associated risks.
3. Initial Access: Exploit vulnerabilities to gain initial access through techniques such as social engineering, physical attacks, or exploiting external attack surfaces.
4. Establish Persistence: Maintain access by setting up backdoors, creating new accounts, and utilizing Command and Control (C2) frameworks.
5. Escalation/Lateral Movement: Escalate privileges and move laterally within the organization, using defense evasion techniques and exploiting further vulnerabilities.
6. Data Exfiltration: Discover, collect, and exfiltrate target data according to the defined objectives.
7. Reporting and Debrief: Present a comprehensive report of findings, including an executive summary, detailed findings, control successes and failures, and recommendations for improvement.

1. At least 2 years of experience as part of a red team performing some of the responsibilities listed above.
2. Experience writing custom exploits.
3. AWS cloud exploitation skills - Prior experience Red teaming in AWS (not just using AWS for red teaming purposes).
4. Linux container exploitation experience.
5. Prior experience working in Unix (Linux), Windows, and/or Cloud Environments.
6. Solid understanding of Python, Go, or a similar language.
7. Must have the legal right to work in the United States without the need for employment sponsorship.
8. Technology, Tooling, and Testing/Assessment Types: On-Prem (Windows and Linux/Unix, VMWare), Cloud (AWS and AWS CLI/Tools), Kubernetes, Docker, Git, Web Frameworks (React/Node), IAM (Okta), O365, Slack, Web Frameworks and languages (React/Node/JavaScript/TypeScript), Bash, Python, Cloud Redirectors, Phishing Frameworks (GoPhish, Evilginx), Burp Suite, Kali Linux Tools, Web Exploitation, Linux Enumeration/Exploitation, API Security Testing (IaaS, PaaS, SaaS Security Testing).

1. Salary Range: $90,000 - $120,000
2. Full Benefits: Medical, Dental, Vision, 20 days PTO, Sick Leave as required by Law, and 11 Federal Holidays.
3. This opportunity is remote; candidates in the Eastern or Central Standard Time Zones are preferred.
4. Two-step interview process.

Additional Skills and Knowledge: SQL Injection (SQLi), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Code Execution (RCE), Server-Side Request Forgery (SSRF), Broken Authentication, Session Hijacking, Insecure Direct Object References (IDOR), Security Misconfiguration, Sensitive Data Exposure, Input Validation, Privilege Escalation, Web Application Firewall (WAF) Bypass, Zero-Day Exploits, Phishing and Social Engineering, Credential Stuffing, Brute Force Attacks, Man-in-the-Middle (MitM) Attacks, API Security, Content Security Policy (CSP), HTTP Header Security, Subdomain Takeover, Directory Traversal, File Inclusion Vulnerabilities (LFI/RFI), Web Shells, Security, Threat Intelligence, Vulnerability Assessment, Incident Response.

#LI-JQ1

#LI-REMOTE

This job opens for applications on 04/22/2025. Applications will be accepted for at least 30 days from the posting date.