Lead Offensive Security Engineer

Lead Offensive Security Engineer

Responsibilities:

• Lead and mentor the Offensive Security team to fulfill tactical initiatives to foster a culture of innovation and continuous improvement.
• Oversee vulnerability management programs, including scanning, prioritization, and remediation tracking.
• Conduct advanced threat hunting to identify and analyze emerging threats and adversary behaviors.
• Manage and operationalize threat intelligence, including zero-day vulnerabilities and exploit research.
• Plan and execute Red Team, Blue Team, and Purple Team exercises to assess and strengthen organizational defenses.
• Lead penetration testing engagements, including scoping, execution, reporting, and remediation follow-up.
• Develop and track offensive security metrics to measure program effectiveness and risk reduction.
• Collaborate with Defensive Security, IT, and engineering teams to share findings and drive remediation.
• Stay current with the latest offensive security tools, tactics, and techniques.
• Prepare and present offensive security reports and metrics to senior management.

Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
• 5+ years of experience in offensive security, including vulnerability management, threat hunting, and penetration testing.
• Strong knowledge of security frameworks (MITRE ATT&CK, NIST, CIS, etc.).
• Hands-on experience with offensive security tools (e.g., Metasploit, Cobalt Strike, Burp Suite, Nmap, etc.).
• Experience with scripting and automation (Python, PowerShell, Bash, etc.).
• Deep hands‑on offensive security experience, including red teaming, penetration testing, adversary simulation, vulnerability management, and threat intelligence.
• Proven ability to lead and mentor an offensive security team, with a strong focus on growing analysts’ technical skills and careers.
• Experience acting as a senior technical leader who sets direction, standards, and priorities—not just an individual contributor.
• Demonstrated strength in coaching, guidance, and mentoring.
• Ability to translate offensive security findings into measurable risk reduction and actionable outcomes.
• Strong understanding of threat‑informed offensive security practices.
• Experience executing and operationalizing an offensive security vision and strategy
• Proven ability to partner closely with defensive security and engineering teams to improve overall security posture.
• Mindset focused on building a scalable, mature, world‑class offensive security capability, not just running tests.

Nice‑to‑Have Skills:

• Prior experience building or scaling a Red Team or Offensive Security program.
• Experience with Purple Teaming and measuring defensive effectiveness over time.
• Offensive security certifications (OSCP, OSCE, GIAC, or similar).
• Scripting or automation experience (Python, PowerShell, Bash).
• Experience in presenting results and program outcomes to security leadership.
• Background in enterprise environments with complex technology stacks.