Senior Security Engineer

Description

We are seeking a skilled and experienced Senior Security Engineer to join our Offensive Security team. In this role, you will perform advanced penetration testing, simulated attack campaigns, and red team exercises to identify, exploit, and report on security vulnerabilities. As a Senior Security Engineer, you will lead technical assessments, mentor Tier 1 team members, and contribute to the development of tools and methodologies to emulate advanced threat actor tactics, techniques, and procedures (TTPs).

Responsibilities

Advanced Offensive Security Operations

• Perform comprehensive penetration testing on networks, applications, and systems to uncover and exploit complex vulnerabilities.
• Lead simulated adversarial attack methods, including phishing, lateral movement, privilege escalation, and exfiltration.
• Emulate sophisticated threat actors using frameworks such as MITRE ATT&CK, Kill Chain, and TIBER-EU.
• Develop custom scripts, exploits, and tools to support advanced Red Team operations.
• Provide detailed post-assessment reports with technical findings, risk analysis, and actionable remediation recommendations.
• Lead incident response efforts 

Incident Simulation and Collaboration

• Collaborate with Blue Team and SOC teams to test incident detection and response capabilities during red/blue/purple team exercises.
• Conduct stealthy operations to test organizational defenses while maintaining operational integrity.
• Validate and refine defensive controls by simulating real-world attack scenarios.
• Collaborate with sales to provide security recommendations and scopes of work. 

Mentorship and Knowledge Sharing

• Mentor Tier 1 engineers by providing technical guidance, hands-on training, and support during assessments.
• Assist in developing internal playbooks, attack scenarios, and operational guides for Red Team activities.

Continuous Improvement and Research

• Research and stay updated on emerging attack vectors, vulnerabilities, and threat actor behaviors.
• Proactively improve Red Team tactics, techniques, and tools to ensure cutting-edge offensive capabilities.
• Collaborate with the development of automation scripts and frameworks to streamline Red Team operations.
• Performs additional duties as assigned

Requirements

Education and Experience

• Bachelor’s degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).
• 3-5 years of hands-on experience in penetration testing, red teaming, or offensive security operations.
• Proven track record of identifying and exploiting complex security vulnerabilities.

Technical Skills

• Advanced knowledge of penetration testing tools (e.g., Metasploit, Cobalt Strike, Burp Suite, Nmap, Nessus, Wireshark).
• Proficiency in scripting and automation with languages such as Python, PowerShell, or Bash.
• Deep understanding of networking protocols (e.g., TCP/IP, DNS, VPN, HTTP) and operating system internals (Windows, Linux, macOS).
• Experience with advanced exploitation techniques, lateral movement, and persistence mechanisms.
• Strong familiarity with threat modeling and attack frameworks like MITRE ATT&CK, OWASP Top 10, and Cyber Kill Chain.
• Hands-on experience with Active Directory and cloud environments (e.g., AWS, Azure, GCP).

Certifications (Preferred)

• OSCP (Offensive Security Certified Professional), OSWE, or OSEP.
• GIAC certifications such as GPEN, GWAPT, or GXPN.
• Relevant certifications like CEH or CompTIA PenTest+ are a plus.

Key Competencies:

• Strong analytical and problem-solving skills with a creative and proactive mindset.
• Ability to manage multiple offensive security engagements simultaneously.
• Excellent verbal and written communication skills, with the ability to deliver technical findings to both technical and non-technical audiences.
• Team player with a passion for offensive security and ethical hacking.
• Highly organized with strong attention to detail and a commitment to operational security and confidentiality.

Work Environment:

• May involve off-hours operations for stealthy assessments or simulations.
• Collaborative, team-oriented environment with opportunities for professional development and certifications.
• Access to a wide range of cutting-edge tools and frameworks for offensive security.

Physical Demands

While performing the duties of this job, the employee uses his/her hands to finger, handle, or feel objects; reach with hands and arms. The employee uses a computer, copier, fax, and telephone equipment. The employee must be able to sit for a prolonged period. Must be able to lift up to 50 pounds.

Benefits

GROUP HEALTH INSURANCE:  After a 30-day waiting period, full-time employees (who work at least 30 hours per week) and their dependents, are eligible to enroll in health benefits through BlueCross BlueShield of Illinois (BCBSIL).  Health options include a choice of 2 PPO plans, a High Deductible Health plan and a HMO. In addition, Dental benefits are available as well as a Vision PPO plan utilizing the EyeMed network. Proven also offers voluntary worksite benefits including critical illness and accident coverage, short-term disability insurance, supplemental life and pet insurance.  

EMPLOYER PROVIDED LIFE/AD&D INSURANCE:  After a 30-day waiting period, Proven IT provides a flat $25,000 Life Insurance benefit, administered by BlueCross BlueShield, to all full-time employees (who work at least 30 hours per week). Accidental Death & Dismemberment (AD&D) benefit payments are determined based on the type of loss incurred and are payable up to the full Life Insurance benefit amount. Life and AD&D Insurance coverage amounts are reduced at ages 65, 70 and 75.

EMPLOYER PROVIDED LTD: Long-Term Disability (LTD) insurance is an employer-provided benefit and provides protection from loss of income in the event that an employee is unable to work due to illness, injury, or accident for a long period of time.  The elimination period is 90-days, and the maximum benefit is 60% of covered payroll up to $6000/month. This benefit is paid entirely by Proven IT and has no cost to the employee.

EMPLOYEE ASSISTANCE PROGRAM: All employees may utilize the Disability Resource Services through BlueCross BlueShield of Illinois to assist themselves and their immediate family with convenient resources to help address emotional, legal and financial issues. Telephonic counseling and web-based services are available as well as a limited number of geographically accessible face-to-face sessions.

401K PLAN: All employees are eligible after 120 days of service to contribute on either a pre-tax or post-tax (Roth) basis to the 401K plan, administered by Principal Financial Services. Proven offers an employer match equal to 100% of the first 3% of deferrals plus 50% of the next 2% of deferrals. 

FINANCIAL ADVISORY SERVICES:  Proven IT partners with Merrill Lynch to offer financial advisement to all employees. Merrill Lynch financial advisors are available to assist employees at no cost, with their 401k and retirement questions.  

PERMISSIVE TIME OFF POLICY: Proven provides a competitive paid time off policy for all full-time regular employees after a 90-day waiting period. Proven IT empowers their employees to work with their managers and team to coordinate all time off. Managers may impose a limit to requests for time off based on performance and tenure.

PARENTAL LEAVE: Proven IT offers a generous parental leave policy for new parents. After 24-months of employment, Proven provides full-time regular employees with 90-days of paid Maternity leave and 10-days of paid Paternity leave. Employees with less than 24-months of service may take the same amount of unpaid time off.

FITNESS CENTER:  Proven IT offers a free on-site fitness center at the Tinley Park headquarters office location to all employees from 5:00am to 8:00pm Monday through Friday. Employees utilize the gym equipment at their own risk.