Senior Staff Offensive Security Engineer

This position is part of the Security Group with worldwide responsibility for cybersecurity for IT, business systems, the network which extends to affiliates as well as security of products and services. As a Senior Staff Offensive Security Engineer, you will lead and mentor a team of security engineers, driving offensive security efforts, including penetration testing, vulnerability assessments, and red teaming exercises. Your expertise will be crucial in identifying and mitigating security threats, particularly in cloud environments.

Key Accountabilities

• Penetration Testing and Vulnerability Assessments:
• Lead comprehensive penetration tests on networks, web applications, and other systems.
• Identify security vulnerabilities and provide detailed recommendations for remediation.
• Utilize both manual and automated tools to uncover security weaknesses.
• Cloud Security Testing:
• Perform security assessments of cloud services (e.g., AWS, Azure, Google Cloud Platform).
• Identify and exploit vulnerabilities specific to cloud environments.
• Collaborate with cloud architects and engineers to implement best security practices.
• Red Teaming Exercises:
• Plan and execute sophisticated red teaming exercises to simulate real-world attacks.
• Develop and deploy advanced adversarial tactics, techniques, and procedures (TTPs).
• Collaborate with blue teams to improve detection and response capabilities.
• Security Research and Exploitation:
• Stay updated with the latest security threats, vulnerabilities, and exploits, especially those related to cloud services.
• Research new attack vectors and develop proof-of-concept exploits.
• Share knowledge through detailed reports, presentations, and training sessions.
• Security Tool Development:
• Develop and maintain custom security tools and scripts to support offensive security operations.
• Automate repetitive tasks to enhance efficiency and effectiveness.
• Incident Response Support:
• Assist in the investigation and response to security incidents.
• Provide expertise on attacker methodologies and potential countermeasures, particularly in cloud environments.
• Collaboration and Communication:
• Work closely with cross-functional teams to integrate security practices into the development lifecycle.
• Communicate findings and recommendations to stakeholders in a clear and concise manner.

Networking/Key Relationships

• Information Security Team: Collaborate closely with the security team to share insights, coordinate efforts, and enhance overall security posture.
• IT and Cloud Infrastructure Teams: Work with IT and cloud engineers to ensure secure deployment and maintenance of systems.
• Development Teams: Partner with developers to integrate security practices into the software development lifecycle (SDLC).
• Incident Response Team: Provide support and expertise during security incidents and post-incident analysis.
• Senior Management: Communicate security risks, findings, and recommendations to leadership to inform strategic decisions.

Minimum Knowledge & Experience Required

• Education:
• Bachelor’s degree in computer science, Information Security, or a related field. A master’s degree or relevant certifications (e.g., OSCP, OSCE, CISSP, CCSK, AWS Certified Security Specialty) is preferred.
• Experience:
• Minimum of 6 years of experience in offensive security, penetration testing, or red teaming.
• Proven track record of successfully identifying and exploiting security vulnerabilities, with significant experience in cloud security.
• Technical Skills:
• Deep understanding of networking protocols, operating systems, cloud infrastructure, and common application vulnerabilities.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, as well as cloud-specific security tools like ScoutSuite, Prowler, and CloudSploit.
• Strong programming/scripting skills in languages such as Python, Bash, PowerShell, or Ruby.
• Cloud Security Expertise:
• In-depth knowledge of cloud security frameworks, methodologies, and best practices.
• Experience with cloud security tools and services from major cloud providers (AWS, Azure).
• Ability to identify and exploit cloud-specific vulnerabilities and misconfigurations.
• Soft Skills:
• Excellent problem-solving abilities and analytical skills.
• Strong written and verbal communication skills.
• Ability to work independently as well as part of a team.

Skills & Capabilities

• Technical Proficiency:
• Expert knowledge in penetration testing and offensive security methodologies.
• Advanced understanding of cloud security principles and the ability to implement them effectively.
• Strong capability in developing and using security tools and scripts.
• Analytical Thinking:
• Ability to think like an attacker to identify and exploit security vulnerabilities.
• Excellent analytical skills to assess complex systems and identify potential weaknesses.
• Communication Skills:
• Strong written and verbal communication skills to articulate security issues and recommendations to diverse audiences.
• Ability to create clear and concise documentation and reports.
• Problem-Solving:
• Strong problem-solving skills to develop innovative solutions to complex security challenges.
• Ability to respond effectively to security incidents and provide expert guidance.
• Collaboration:
• Ability to work collaboratively with cross-functional teams, including IT, development, and cloud infrastructure teams.
• Strong interpersonal skills to build effective working relationships.
• Continuous Learning:
• Commitment to continuous learning and staying updated with the latest security threats, tools, and best practices.
• Participation in professional development activities and security conferences.

Travel Requirements

• Less than 10% of the time.

Individual Contributor Core Competencies

• Managing Work: Effectively managing one’s time and resources to ensure that work is completed efficiently.
• Emotional Intelligence Essentials: Establishing and sustaining trusting relationships by accurately perceiving and interpreting own and others’ emotions and behavior.
• Building Partnerships: Developing and leveraging relationships within and across work groups to achieve results.
• Decision Making: Identifying and understanding problems and opportunities by gathering, analyzing, and interpreting information.
• Continuous Improvement: Originating action to improve existing conditions and processes.