Lead Offensive Security Engineer

About The Position

Requirements

• Demonstrated experience leading complex red team engagements or adversary simulations across applications, endpoints, APIs, and cloud environments.
• Proven ability to influence technical direction and raise operational standards without formal people management authority.
• 7+ years of experience in cybersecurity, with at least 3–5 years in offensive security, red team, or advanced penetration testing roles.
• Deep hands-on expertise with modern C2 frameworks and adversary simulation tooling, with the ability to adapt tradecraft to evolving defensive controls.
• Strong understanding of attacker methodologies, including MITRE ATT&CK, OWASP Top 10, CWEs, and real-world threat intelligence, and the ability to translate those into practical attack scenarios.
• Experience conducting purple team exercises and validating SIEM, EDR, and network detection capabilities through controlled simulation and evidence-based testing.
• Experience delivering executive-ready briefings that clearly communicate technical risk, business impact, and prioritized remediation actions.
• High degree of discretion, integrity, and operational discipline when conducting sensitive offensive security work.
• Bachelor’s degree in Computer Science, Engineering, or equivalent practical offensive security experience.
• Authorization to work in the United States without sponsorship.
• Ability to travel 3-5 times a year to our NYC or Reston, VA office.
• Proficiency in Microsoft Suite tools is preferred, though a willingness to learn is equally valued.
• Curiosity and enthusiasm for emerging technologies, particularly AI-driven solutions, and a proactive approach to independently learning and applying new digital tools.
• Alignment with College Board’s Operating Principles, reflecting a commitment to continuous growth, collaboration, and impact.
• A commitment to candid, timely, respectful feedback
• A learner orientation and an openness to ideas and diverse perspectives
• The ability to push for excellence through data-informed decision-making, iterative learning, external benchmarking and user-inputs
• Strong problem-solving skills, including the ability to break down complex issues and identify clear paths forward
• A track record of prioritizing high-impact work, simplifying complexity, taking initiative, and making decisions quickly with clarity of purpose
• A habit of collaborating across differences, practicing empathy, and contributing to a culture of trust and shared success.

Nice To Haves

• Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).

Responsibilities

• Design and evolve the Red Team capability (35%)
• Define and continuously refine the red team engagement model, including methodology, scope development, rules of engagement, evidence standards, and quality controls.
• Shape offensive assessment strategy in partnership with leadership, translating program priorities into technically sound attack approaches and campaign plans.
• Determine tooling, infrastructure, and C2 frameworks used in approved environments, ensuring tradecraft reflects relevant real-world threat actors and techniques.
• Establish standards for multi-stage adversary simulation, ensuring engagements are realistic, repeatable, and aligned to MITRE ATT&CK and current threat intelligence.
• Continuously assess and improve how red team effectiveness is measured, including coverage, repeat findings, and defensive validation outcomes.
• Lead execution of high-impact offensive campaigns (40%)
• Lead and personally execute advanced penetration tests and red team assessments across client applications, web applications, APIs, endpoints, and supporting infrastructure.
• Orchestrate multi-stage attack simulations spanning initial access, privilege escalation, lateral movement, persistence, and objective completion within approved guardrails.
• Plan and drive purple team exercises in close partnership with Threat Hunt, SOC, and Incident Response teams to validate and strengthen detection and response capabilities.
• Evaluate the effectiveness of security controls, including SIEM, EDR, and network monitoring, and drive re-testing to confirm measurable improvement.
• Coordinate and guide other red team engineers during engagements, ensuring consistency, technical rigor, and high-quality deliverables.
• Drive measurable defensive impact and organizational enablement (25%)
• Translate offensive findings into prioritized, actionable remediation guidance and partner with system owners to drive meaningful risk reduction.
• Produce executive-ready reports and briefings that clearly articulate risk, impact, and recommended actions for both technical and non-technical stakeholders.
• Develop and maintain standardized red team artifacts, including playbooks, adversary emulation plans, reporting templates, and documentation that improve repeatability and knowledge transfer.
• Provide technical guidance to Vulnerability Management and Threat Hunting teams on attacker behaviors, custom detection approaches, and validation techniques.
• Foster a culture of collaboration and continuous learning across Cyber Operations teams through knowledge sharing, mentorship, and contribution to shared playbooks and best practices.

Benefits

• Annual bonuses and opportunities for merit-based raises and promotions
• A mission-driven workplace where your impact matters
• A team that invests in your development and success