Lead Offensive Security Engineer (Remote)

About The Position

Requirements

• 8+ years of cybersecurity experience, 3+ years of experience in offensive security and adversary simulation.
• Understanding of Human Risk and experience performing social engineering assessments, which can move the needle on Human Risk.
• Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services and healthcare sectors.
• 3+ years of experience in two or more of the following areas: Network penetration testing and manipulation of network infrastructure Web application penetration testing assessments Email, phone, or physical social-engineering assessments Developing, extending, or modifying exploits, shell code or exploit Covert physical intrusion Cloud security or penetration testing (any major provider)
• Proficient in attacker tooling, including post-exploitation frameworks and tooling.
• Proficient in one or more of the following programming/scripting languages (C, C++, C#, Go, Python, PowerShell, Bash, or Ruby).
• Knowledge of current cloud attack methodologies and mitigations.
• Knowledge of Windows Operating System architecture and internals, and use thereof in an enterprise environment.
• Social Engineering knowledge, such as OSINT, spear phishing, vishing, and other initial access methods.
• Knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems.
• Knowledge of IT technologies and methods to secure them, specifically for databases, SharePoint, storage area networks, cloud-based storage, and data warehouses.
• Knowledge of GenAI platforms and how they can be combined with agentic workflows.
• Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, GXPN, or equivalent experience.

Responsibilities

• Collaborate with other teams within the Cyber Fusion Center and the wider organization to ensure threat-informed Cyber Risks are understood and articulated, with a goal of contributing to the successful defense of the organization.
• Support Offensive Security's engagement at multiple organizational levels, from senior leaders to technical analysts, to help guide risk understanding and verify the efficacy of remediation/mitigative actions.
• Participate in performing physical exploitation, network exploitation, and social engineering assessments against authorized targets.
• Leverage Cyber Threat Intelligence, Offensive Security Research, previous Adversary Simulation (Red Team) findings, and internal risk intelligence to develop test cases demonstrating TTP effectiveness against Experian's control environment.
• Help establish and lead Social Engineering and Human Risk Assurance functions.
• Work with the team to provide remediation recommendations across the organization to aid with remediation/mitigation of identified Cyber Risks.
• Develop scripts, tools, and methodologies to increase Offensive Security's capabilities and educate other team members.
• Use AI tools to help with Offensive Security activities while complying with Experian's Acceptable Use of AI policies and Offensive Security Rules of Engagement.
• Use MITRE ATT&CK Framework and other structured attack analysis tools to describe and classify attacker methodology and significance.

Benefits

• Great compensation package and bonus plan.
• Core benefits including medical, dental, vision, and matching 401K.
• Flexible work environment, ability to work remote, hybrid or in-office.
• Flexible time off including volunteer time off, vacation, sick and 12-paid holidays.