We're partnered with a leading real estate data analytics company to bring on an Offensive Security Engineer with a senior-level skill set. This role focuses on securing the client's information, analytics, and online marketplaces. The ideal candidate will lead red, blue, and purple team engagements to enhance both internal and external security measures. You will be responsible for identifying and exploiting vulnerabilities in their infrastructure and applications, while collaborating with senior management to strengthen their overall security framework. This position offers a flexible hybrid work schedule.
Responsibilities:
- Conduct offensive security activities including red teaming, penetration testing, and vulnerability research.
- Perform adversary emulation and red team engagements to test and improve defensive blue team capabilities.
- Collaborate on purple team activities to enhance threat management strategies.
- Identify and exploit vulnerabilities in CI/CD systems and Active Directory environments.
- Develop and execute payloads and exploits using C/C#/C++.
- Utilize security tools such as Nmap, Burp Suite, Kali Linux, and BloodHound.
- Operate C2 frameworks like Cobalt Strike, Sliver, and Mythic.
- Work with EDR systems to detect and respond to security incidents.
- Stay updated on the latest trends, techniques, and tools in offensive security.
- Provide detailed reports and presentations to senior-level management on findings and recommendations.
Qualifications:
- Bachelor's Degree in Computer Science, Cyber Security, or a related field.
- 6+ years of proven experience in offensive security activities, including red teaming, penetration testing, and vulnerability research.
- Strong knowledge of scripting/programming languages such as Bash, Python, and PowerShell.
- Proficiency with security tools (Nmap, Burp Suite, Kali Linux, BloodHound) and C2 frameworks (Cobalt Strike, Sliver, Mythic).
- Expertise in Windows Active Directory exploitation.
- Experience with payload and exploit development in C/C#/C++.
- Familiarity with EDR systems.
- Relevant security certifications (OSEP, OSCP, CRTO, GXPN).
- Ability to work effectively in a hybrid schedule environment.
If you or someone you know is interested, please apply directly!