Offensive Security Engineer

About the role

The Offensive Security Engineer will act as an elite adversary simulator, leading full‑scope red‑team and purple‑team engagements to test and strengthen our organization’s defenses. This high‑impact position blends advanced offensive techniques with deep blue‑team knowledge to emulate real‑world threats, uncover detection gaps, and drive measurable security improvements.

Key responsibilities

• Plan and execute end‑to‑end red‑team engagements, from OSINT and reconnaissance through persistence, lateral movement, privilege escalation, and objective completion such as data exfiltration or ransomware simulation.
• Perform adversary emulation using real‑world TTPs mapped to the MITRE ATT&CK framework, including living‑off‑the‑land techniques and evasion of EDR/XDR, AMSI, and ETW.
• Conduct purple‑team exercises alongside blue‑team analysts, testing detections in real time, providing instant feedback, and fine‑tuning alerts and rules.
• Develop and maintain custom offensive tooling in Python, Go, PowerShell, C/C++, and create C2 frameworks, evasion payloads, and implants.
• Execute specialized testing such as web/application exploitation, Active Directory domination, cloud attacks on AWS/Azure/GCP, and mobile/wireless assessments.

Required profile

• Graduate in Computer Science, Information Technology, or a related field.
• Minimum of 3 years of vulnerability assessment and penetration testing experience.
• Strong understanding of networking protocols, operating system internals, and web technologies.

Required skills

• Programming/Scripting: Python, Go, PowerShell, C, C++.
• Networking: TCP/IP, OSI model, DNS, HTTP/HTTPS, LDAP, Kerberos.
• Operating Systems: Linux (especially), Windows, Active Directory.
• Web Technologies: JavaScript, PHP.NET, Java.
• Security Frameworks: MITRE ATT&CK, OWASP Top 10, CVE analysis.
• Cloud Platforms: AWS, Azure, GCP.
• Adversary Emulation, living‑off‑the‑land techniques, C2 framework development.