Offensive Security Analyst

At Globe, our goal is to create a wonderful world for our people, business, and nation. By uniting people of passion who believe they can make a difference, we are confident that we can achieve this goal.

Job Description

The role is primarily involved in simulating real-world cyberattacks to proactively identify and validate vulnerabilities, assess the organization’s defenses, and drive remediation and control improvements across applications, infrastructure, and security operations.

DUTIES and RESPONSIBILITIES:

• Conduct targeted penetration tests on high-risk assets, guided by intelligence from the organization’s Attack Surface Management (ASM) platform.

• Perform offensive assessments of assets identified as being under active threat, based on telemetry from security platforms such as  Web Application Firewalls (WAF) and API security solutions.

• Execute comprehensive penetration tests on web applications, mobile applications, and APIs to identify vulnerabilities and assess security posture.

• Coordinate and oversee third-party penetration testing engagements, ensuring scope, quality, and coverage align with internal security requirements.

• Operate breach and attack simulation (BAS) tools to automate security testing across networks, endpoints, and cloud platforms, validating security control effectiveness.

• Plan and execute red team exercises targeting critical platforms to emulate realistic attack scenarios; provide detailed findings and recommendations to improve detection, response, and resilience across people, processes, and technology.

• Triage, manage, and validate vulnerability reports from the Private Bug Bounty Program and Vulnerability Disclosure Program (VDP), ensuring proper remediation tracking.

• Conduct research on emerging threats, vulnerabilities, and adversary tactics, techniques, and procedures (TTPs); simulate relevant attack scenarios to assess and improve organizational defenses.

• Collaborate with blue teams and security control owners to share offensive insights and help calibrate security monitoring, incident response, and threat detection capabilities

REQUIREMENTS:

• 3–5 years of hands-on experience in offensive security, including penetration testing, red teaming, or adversary emulation.

• Proven experience in testing web applications, mobile applications, APIs, and infrastructure (internal/external).

• Exposure to managing or participating in bug bounty programs or vulnerability disclosure workflows.

• Experience working with Attack Surface Management (ASM) platforms and Breach and Attack Simulation (BAS) tools.

• Prior involvement in planning or executing Red Team or Purple Team engagements is highly desirable.

Level of Knowledge

• Bachelor’s Degree in Computer Engineering, Computer Science, or IT.

• Strong understanding of OWASP Top 10, MITRE ATT&CK, and common vulnerability classes (e.g., injection, authentication flaws, privilege escalation).

• In-depth knowledge of operating systems (linux and windows), network protocols, web technologies, and mobile platforms (iOS/Android).

• Familiarity with cloud platforms (AWS, Azure, GCP) and their security models.

• Working knowledge of SIEMs, WAFs, EDRs, and security control calibration.

Equal Opportunity Employer
Globe’s hiring process promotes equal opportunity to applicants, Any form of discrimination is not tolerated throughout the entire employee lifecycle, including the hiring process such as in posting vacancies, selecting, and interviewing applicants.

Globe’s Diversity, Equity and Inclusion Policy Commitment can be accessed here

Make Your Passion Part of Your Profession. Attracting the best and brightest Talents is pivotal to our success. If you are ready to share our purpose of Creating a Globe of Good, explore opportunities with us.