Offensive Security Analyst

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

We’re seeking a highly skilled and motivated offensive security professional with a passion for Red Teaming and adversarial simulation. This role is ideal for someone who thrives on uncovering weaknesses in complex systems, particularly across web applications and cloud infrastructure, and who can think like an attacker to help us stay ahead of evolving threats.

Key Responsibilities:

• Lead and execute advanced web application penetration tests and cloud-focused Red Team engagements simulating real-world adversaries.
• Identify, exploit, and document vulnerabilities in web apps, APIs, and cloud platforms (AWS, Azure, GCP), delivering actionable risk assessments and remediation guidance.
• Design and conduct adversarial simulations to test detection and response capabilities across hybrid environments.
• Collaborate with development, cloud, and security engineering teams to harden applications and infrastructure.
• Develop and maintain custom tools, scripts, and payloads to support Red Team operations and web/cloud exploitation.
• Produce detailed, high-impact reports and debriefs for both technical and executive audiences.
• Stay ahead of the curve by researching emerging threats, TTPs, and vulnerabilities relevant to web and cloud ecosystems.
• Contribute to threat modeling, purple team exercises, and incident response investigations.
• Mentor junior team members and foster a culture of continuous learning and offensive innovation.

Required Qualifications:

• Proven experience in Red Team operations, adversary emulation, or advanced penetration testing.
• Deep expertise in web application security, including OWASP Top 10, authentication/authorization, session management, and input validation.
• Strong hands-on experience with cloud platforms (AWS, Azure, GCP) and their security models.
• Proficiency with offensive tooling such as Burp Suite, Cobalt Strike, Metasploit, custom scripts, and cloud-native attack tools.
• Demonstrated ability to exploit vulnerabilities such as SQLi, XSS, CSRF, SSRF, RCE, XXE, IDOR, and privilege escalation in cloud environments.
• Familiarity with frameworks like MITRE ATT&CK, PTES, and NIST 800-115.
• Strong scripting/programming skills (Python, PowerShell, Bash, JavaScript) for automation and exploit development.
• Excellent communication skills and the ability to clearly articulate complex findings to diverse audiences
• Offensive Security Certified Professional (OSCP) required

Preferred Certifications:

• OSWE (Offensive Security Web Expert) 
• OSEP (Offensive Security Experienced Penetration Tester)  techniques.
• CRTO (Certified Red Team Operator) 
• GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) 
• GCPN (GIAC Cloud Penetration Tester) 

Additional Skills (Preferred but not Required):

• Cloud-native attack simulation: Experience with adversary emulation in AWS, Azure, or GCP using tools like Pacu, CloudGoat, or custom scripts.
• Detection evasion and stealth techniques: Familiarity with bypassing EDR, WAFs, and other security controls during Red Team operations.
• Purple teaming collaboration: Ability to work closely with Blue Teams to improve detection and response through collaborative exercises.
• CI/CD pipeline exploitation: Understanding of how to identify and exploit weaknesses in DevOps workflows and build systems.
• Knowledge of identity and access abuse: Skills in abusing SSO, OAuth, SAML, and misconfigured IAM roles or policies.
• Experience with threat intelligence: Ability to incorporate real-world TTPs from APT groups or threat actors into Red Team scenarios.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.