Principal Penetration Testing Engineer

AEG Worldwide-posted 1 day ago
Full-time • Principal
Los Angeles, CA
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

AXS connects fans with the artists and teams they love. Each year we sell millions of tickets to thousands of incredible events – from concerts and festivals to sports and theater – at some of the most iconic venues in the world. Since our founding in 2011, we’ve consistently pushed the industry forward and improved experiences for fans, making it easier than ever to discover events, find the perfect seats, and enjoy unforgettable live entertainment, and we continue to lead the evolution of our industry today. We’re passionate about improving the fan experience and providing game-changing solutions for our clients, and we’re always looking for smart, motivated people to help make it happen. Bring your enthusiasm, your big ideas, and your desire to team up with some of the best and brightest in technology and entertainment. The Role AXS is seeking a Principal Penetration Testing Engineer to join our offensive security program and active adversary intervention capabilities. This is not a standard penetration testing role—you'll architect and execute sophisticated adversary emulation campaigns, hunt live threats in production environments, and bridge the gap between offensive and defensive security through purple team operations. In this role, you'll think simultaneously as attacker and defender, leading engagements that test not just our technical controls but our people, processes, and detection capabilities. You'll work directly with incident response teams during active breaches, applying offensive tradecraft to reconstruct attack paths, predict adversary next moves, and validate remediation effectiveness. You'll also help shape our security strategy at the highest levels, presenting to executive leadership and driving organization-wide security initiatives. You will work on consumer-facing and B2B applications that can scale and handle high demand, as well as complex enterprise systems that meet our global needs.

  • Design complex red team operations spanning weeks or months, operating covertly to test detection and response capabilities across the entire kill chain.
  • Build and maintain sophisticated C2 infrastructure with multi-layer redirectors, domain fronting, and encrypted covert channels
  • Create comprehensive adversary emulation playbooks that defensive teams can use for tabletop exercises and detection validation
  • Develop custom tooling, exploits, and evasion techniques to bypass modern security controls (EDR, SIEM, DLP, next-gen firewalls)
  • Develop and refine detection engineering rules based on offensive TTPs, ensuring blue teams can identify sophisticated adversary behavior
  • Facilitate purple team exercises bringing red and blue teams together for collaborative security validation and continuous improvement:
  • Lead adversary emulation campaigns based on real threat actor TTPs, mapping all activities to MITRE ATT&CK and ensuring realistic simulation of APT groups targeting our industry
  • Conduct proactive threat hunting campaigns leveraging hypothesis-driven investigation, behavioral analytics, and threat intelligence
  • Conduct zero-day research and vulnerability discovery through fuzzing, patch analysis, and novel attack surface exploration
  • Test detection capabilities against realistic attack scenarios, identifying blind spots and tuning security controls for higher fidelity
  • Provide expert advice on eviction operations, coordinating simultaneous remediation across compromised systems while preventing adversary reinfection
  • Engage live adversaries in controlled scenarios to gather intelligence, understand objectives, and develop containment strategies
  • Serve as cyber security subject matter expert during active security incidents, applying offensive expertise to threat hunting, attack path reconstruction, and adversary prediction
  • BS in Computer Science or 10 years full-time experience in a computer science role in lieu of a degree.
  • 15+ years in information security with at least 5 years in offensive security roles (red team, penetration testing, exploit development)
  • 5+ years in incident response, threat hunting, or defensive security operations demonstrating deep understanding of detection and defensive capabilities
  • Proven track record leading complex red team engagements against Fortune 500 or similarly complex enterprise environments
  • Experience serving as technical subject matter expert or incident manager during active security incidents involving sophisticated adversaries
  • Demonstrated expertise conducting adversary emulation campaigns
  • Background in security research with published CVEs, conference talks (DEFCON, Black Hat, BSides), or security tool contributions (public or private)
  • Experience with Git and CI/CD Security Practices
  • Experience with event-driven technologies, e.g. Kafka
  • Experience using NOSQL databases such as Elasticsearch or AWS DynamoDB
  • Experience in the ticketing industry, inventory management systems or e-commerce
  • medical, dental and vision insurance
  • paid holidays, vacation and sick time
  • company paid basic life insurance
  • voluntary life insurance
  • parental leave
  • 401k Plan (with a current employer match of 3%)
  • flexible spending and health savings account options
  • wellness offerings
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Principal Engineer Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service