Senior Offensive Security Engineer

Role Overview

The Senior Offensive Security Engineer will perform comprehensive security assessments and penetration testing to identify vulnerabilities and provide actionable recommendations to strengthen the organizations security. By simulating real-world attacks, they will uncover security gaps, engage in proactive threat hunting, analyse threat intelligence, and monitor network activity to detect and mitigate advanced threats. Additionally, they will offer expert threat advisory services, collaborate with stakeholders to enhance incident response capabilities, and develop strategies to address emerging cyber risks. This role requires a blend of technical expertise, analytical skills, and a proactive mindset to safeguard the organizations digital ecosystem.

Job Description 

Vulnerability Assessment and Penetration Testing (VAPT):

• Conduct in-depth security assessments of systems, applications, and networks to identify vulnerabilities.
• Perform penetration testing to simulate real-world attacks and uncover security weaknesses.
• Deliver detailed reports with actionable recommendations to address identified vulnerabilities.

Threat Hunting:

• Proactively search for advanced threats within the organizations digital environment.
• Analyze threat intelligence, network logs, and behavioral data to identify anomalies.
• Develop and implement hunting methodologies to detect and mitigate stealthy attacks.

Threat Advisory Services:

• Monitor and analyze emerging cyber threats, vulnerabilities, and security trends.
• Provide expert guidance to stakeholders on mitigating risks associated with new threats.
• Develop tailored strategies to address specific organizational needs and enhance resilience.

Incident Response Support:

• Collaborate with incident response teams to investigate and remediate security breaches.
• Provide insights from threat hunting and VAPT activities to improve response strategies.
• Contribute to the development of playbooks and procedures for effective incident management.

Collaboration and Reporting:

• Work closely with cross-functional teams to implement security improvements.
• Deliver executive-level presentations and technical reports detailing findings and recommendations.
• Foster communication with stakeholders to align security practices with business goals.

Security Tooling and Automation:

• Utilize and optimize advanced security tools for VAPT and threat hunting activities.
• Develop scripts or workflows to automate repetitive tasks and improve efficiency.

Training and Awareness:

• Share knowledge with internal teams to promote best practices in cybersecurity.
• Conduct training sessions on threat intelligence and response for stakeholders.

Continuous Improvement:

• Stay updated on the latest cybersecurity technologies, tools, and methodologies.
• Participate in red team/blue team exercises to validate organizational defenses.

Person Specification 

• Experience: Minimum of 5 years of experience in vulnerability assessments, penetration testing (VAPT), and proactive threat hunting. The role involves identifying and mitigating security gaps, delivering tailored threat advisory services, and providing actionable recommendations on emerging risks and vulnerabilities. The ideal candidate will analyse threat intelligence, monitor systems for anomalies, and pre-empt potential cyberattacks while collaborating with stakeholders to enhance incident response capabilities and strengthen overall security strategies. Proficiency in advanced security tools, automation techniques, and industry best practices is essential for safeguarding the organizations digital ecosystem.

• Education: Bachelors degree in computer science or information security. Relevant certifications Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Licensed Penetration Testing (LPT), or Advanced Penetration Testing (APT), is a mandatory qualification or similar are highly desirable.

• Technical Expertise: Must possess strong technical skills in both automated and manual penetration testing, including the ability to write and utilize custom scripts in languages such as Python, Bash, or PowerShell to identify and exploit vulnerabilities. Proficiency with industry-standard tools like Nmap, Burp Suite, Metasploit, Nessus, and Wireshark is essential, along with hands-on expertise in uncovering security gaps that automated tools may miss. A deep understanding of OWASP Top 10, SANS Top 25 vulnerabilities, secure coding practices, and network protocols is critical. The engineer should also be familiar with cloud security for platforms like AWS and Azure, along with compliance standards and security frameworks such as ISO 27001 and NIST. Strong analytical skills, attention to detail, and the ability to produce clear, actionable reports are vital for effectively communicating findings and recommendations.
  
  
• Communication: Exceptional written and verbal communication skills, with experience presenting complex information to clients and stakeholders.
  
  
• Analytical Thinking: Strong problem-solving skills with an ability to analyse complex security incidents and make quick, effective decisions.
  
  
• Industry Knowledge: Up-to-date knowledge of cyber threat landscape, security best practices, and regulatory requirements.