Offensive Security Engineer

Direct message the job poster from Plurilock

Offensive Cybersecurity Engineer – Red Team | Remote (USA or Canada)

Plurilock is seeking an elite Offensive Cybersecurity Engineer to join our Red Team and help drive proactive defense strategies across enterprise environments. In this role, you'll go beyond basic testing to emulate real-world threat actors, uncover security weaknesses across networks, web applications, APIs, and cloud platforms, and deliver high-impact findings that help organizations become truly resilient.

At Plurilock, we don't just assess – we innovate. From simulating advanced persistent threats to designing novel attack chains, our offensive security team tackles high-stakes challenges for global clients in finance, healthcare, tech, and government sectors.

What You’ll Do:

As an Offensive Cybersecurity Engineer, your responsibilities will include, but are not limited to:

• Lead advanced network, web application, and API penetration testing engagements.
• Conduct white box security assessments of on-prem and cloud infrastructure (AWS, Azure, GCP), identifying misconfigurations, privilege escalations, and lateral movement opportunities.
• Perform adversary simulation and red team operations using tools such as Cobalt Strike, Sliver, Mythic, and custom implants.
• Identify and exploit business logic flaws, chaining vulnerabilities for maximum impact.
• Collaborate with defensive teams during purple team exercises to tune detections and enrich telemetry.
• Author detailed, actionable reports tailored for both technical and executive audiences.
• Research and prototype offensive TTPs, contribute to tooling, and share findings with the internal team and community.

What Success Looks Like:

Within your first 3–6 months, you will have:

• Led multiple offensive engagements across different environments.
• Delivered threat models and proof-of-concept exploits with real-world impact.
• Enhanced internal playbooks and offensive security tooling.
• Presented findings to client security leaders and provided remediation strategies.

Required Qualifications & Skills:

• 3–5 years of professional experience in penetration testing or offensive cybersecurity roles.
• One or more of the following (or equivalent experience):
• OSCP, GPEN, OSWE, OSEP, GXPN, eWPTX
• Strong expertise in:
• Network and Active Directory exploitation
• Web application and API security testing (manual and tool-assisted)
• White box infrastructure reviews, including code, scripts, IAM policies, and CI/CD pipelines
• Cloud security assessments (AWS, Azure, or GCP)
• Deep familiarity with:
• PTES
• OWASP Web Top 10
• MITRE ATT&CK framework
• Strong scripting or development experience (Python, PowerShell, Bash, or equivalent).
• Experience with red team tooling (e.g., Cobalt Strike, Sliver, Mythic, Covenant).
• Familiarity with EDR evasion techniques, AV bypass, and OPSEC best practices.
• Understanding of AD attack paths (Kerberoasting, ACL abuse, DCSync, etc.).
• Exposure to purple teaming, detection engineering, or MITRE ATT&CK emulation plans.
• Experience contributing to or maintaining custom offensive tooling or exploits.
• Passionate about offensive security research and constantly sharpening your skills.

Location & Authorization:

• Remote (United States or Canada).
• Must have valid work authorization in the U.S. or Canada.
• Candidates with active U.S. Secret Security Clearance or Canadian Secret (Level II) Clearance are strongly encouraged to apply (not a requirement).

Interpersonal Skills:

• Good interpersonal skills like being a great teammate and effective collaborator with many different types of audiences.
• Independent problem-solving and self-directing abilities.
• Ambitious and flexible with high motivation.
• Ability to multitask and handle multiple projects.
• Ability to practice tolerance and professionalism in times of high stress.
• Strong presentation and writing skills.

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Information Technology
• Industries
  Computer and Network Security

Referrals increase your chances of interviewing at Plurilock by 2x

Medical insurance

Vision insurance

401(k)

Get notified about new Security Engineer jobs in United States.

United States $90,000.00-$110,000.00 2 months ago

California, United States $45.00-$50.00 4 weeks ago

United States $147,000.00-$208,000.00 2 days ago

Columbus, OH $95,000.00-$128,000.00 6 days ago

Washington, DC $110,000.00-$165,000.00 4 months ago

Boston, MA $134,100.00-$225,000.00 3 months ago

Will County, IL $135,000.00-$145,000.00 2 days ago

United States $163,100.00-$244,700.00 2 weeks ago

United States $100,000.00-$170,000.00 2 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.