Offensive Security specialist

1 week ago


Toronto, Ontario, Canada Hays Full time

WORK ILLUSTRATION:

We are seeking a highly skilled and motivated Contractor, Offensive Security Specialist to join our security team. This is a highly technical role which involves simulating real-world cyberattacks to identify vulnerabilities in our systems, networks, and applications, and providing recommendations to strengthen our security posture. The ideal candidate will have hands-on experience in penetration testing, red team operations, and adversary emulation, along with a passion for staying on the cutting edge.

KEY RESPONSIBILITIES:

Penetration Testing:

  • Conduct ethical hacking assessments on web applications, networks, systems, and wireless environments to identify vulnerabilities.
  • Perform vulnerability assessments using novel and industry-standard tools and techniques.
  • Develop and execute manual and automated penetration testing procedures, including black-box and white-box testing.
  • Perform risk assessments to evaluate the severity of discovered weaknesses.
  • Provide detailed written reports on vulnerabilities, exploitation techniques, and recommendations for remediation.
  • Collaborate with development teams and system administrators to implement security best practices across the technology stack, as applicable.

Red/Purple Team Operations:

  • Conduct red teaming exercises to simulate advanced persistent threats (APTs) likely to target the organization's environment, focusing on evading detection and bypassing security controls.
  • Simulate attacks to test incident response and security operations team responses to realistic threat scenarios.
  • Perform social engineering assessments, including phishing campaigns, to evaluate human vulnerabilities.
  • Develop and execute advanced adversary tactics to test the organization's defenses, including exploitation, lateral movement, privilege escalation, data exfiltration and encryption.
  • Lead or support tabletop exercises and training sessions to improve awareness and response protocols.

Collaboration and Reporting:

  • Work closely with other IT teams to ensure comprehensive coverage of security controls.
  • Provide actionable recommendations to reduce risk and improve the organization's security posture.
  • Communicate findings to both technical and non-technical stakeholders in clear and concise reports.
  • Mentor and train junior team members and other security staff on offensive security techniques.

REQUIRED SKILLS & QUALIFICATIONS:

  • Proven experience in offensive security or ethical hacking in an enterprise environment.
  • Strong understanding of networking protocols, operating systems (Windows, Linux), web application architectures, and cloud security.
  • Expertise in commonly used offensive security tools.
  • Familiarity with scripting and automation tools.
  • Experience with exploiting common vulnerabilities (e.g., OWASP Top 10) and the latest attack vectors (e.g., Ransomware, Supply Chain Attacks).
  • In-depth knowledge of penetration testing techniques and methodologies (e.g., OSCP, PTES, NIST SP , etc.).
  • Experience in simulating attacks against cloud infrastructure and OT/ICS systems is a big plus.
  • Familiarity with security frameworks and compliance standards (NIST, PCI-DSS, GDPR, etc.).

DESIRABLE CERTIFICATIONS:

While certifications are not mandatory, the following certifications are highly valued for this position:

  • Offensive Security Certified Professional (OSCP)
  • Certified Red Team Professional (CRTP) - Focuses on adversary simulation and red teaming skills.
  • GIAC Penetration Tester (GPEN) - Demonstrates expertise in penetration testing methodologies.
  • Certified Expert Penetration Tester (CEPT) - Advanced penetration testing certification.
  • Certified Incident Handler (GCIH) - Strong knowledge of incident response and handling breaches.

DESIRABLE SOFT SKILLS:

  • Problem-solving skills: Ability to think like an attacker and work through complex problems creatively.
  • Attention to detail: Ensuring thorough testing and identification of all in-scope vulnerabilities.

