Senior Security Engineer

About The Position

Requirements

• 5+ years of experience in the offensive security testing space
• 2+ years in security automation, platform engineering, or DevSecOps.
• 2+ years of strong automation skills using GitHub runners and JIRA.
• 1+ years of experience designing tests for detection robustness and mitigating brittleness.

Nice To Haves

• Excellent working knowledge about cloud security in relation to the major CSPs.
• Proficiency in scripting languages (Python, Go, Bash, PowerShell, etc.).
• Deep knowledge of MITRE ATT&CK and adversary-emulation frameworks.
• Understanding of detection architectures (EDR, SIEM, SOAR) and telemetry generation.
• Ability to build secure, observable, fault-tolerant services.
• Experience automating adversary simulation or Purple Team workflows.
• Hands-on with IaC (Terraform/CloudFormation) and containerization (Docker/Kubernetes).
• Familiarity with MITRE ATT&CK, D3FEND, CAPEC, and threat-informed defense methodologies.
• Integration experience with ServiceNow, Jira, or enterprise workflow systems.
• Exposure to graph visualization tools and automated reporting/dashboard creation.
• Knowledge of tools like Swimlane, DataBricks, Archer, Slack, MS O365.
• Experience with BAS tools like Cymulate and Picks among others.
• Ability to manage automation request pipelines and prioritize effectively.
• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• Strong communication and collaboration skills.

Responsibilities

• Help maintain and evolve a secure, scalable adversary-emulation platform for campaign scheduling, agent orchestration, payload execution, and results cataloging.
• Review commercial alternatives for Purple Team exercises using custom runners or commercial tools (e.g., Cymulate, Picus).
• Provision static or ephemeral test environments via Terraform/Kubernetes across cloud and on-prem infrastructure.
• Develop continuous adversarial threat-simulation tests for defensive control validation and resiliency assessment.
• Generate high-fidelity telemetry for EDR, SIEM, and SOAR to measure detection coverage, latency, and control effectiveness.
• Research detection brittleness, design mutation/variant tests, and enhance test cases to strengthen detection logic.
• Manage work intake pipeline and ensure timely closure of ticketed requests within SLA.
• Produce ATT&CK-mapped artifacts, dashboards, and coverage metrics for Detection Engineering and leadership.
• Enforce platform security through RBAC, secrets management, audit logging, and execution safety controls.
• Collaborate with CTI, Threat Hunt, and SOC teams to evolve test cases based on real-world threats and gaps.

Benefits

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.