Sr Analyst, Information Security

About The Position

Requirements

• Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
• 4 years of experience in information security
• Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).

Nice To Haves

• 6+ years of hands-on offensive security experience, including at least 4+ years conducting full-scope red team or adversary emulation operations in enterprise environments.
• Demonstrated experience planning and executing authorized initial-access operations across one or more of the following: phishing simulation, external attack surface exploitation, public-facing application exploitation, identity abuse, SaaS/cloud footholds, or trusted third-party/supply-chain-style scenarios.
• Strong understanding of OPSEC for red team operations, including infrastructure separation, engagement deconfliction, logging discipline, payload safety, operator attribution control, burn procedures, and clear rules of engagement.
• Advanced experience with C2 infrastructure design and operations, including staging, redirector concepts, operator workflows, infrastructure lifecycle management, detection exposure reduction, and post-engagement teardown.
• Hands-on experience with endpoint security telemetry and evasion research in authorized lab or enterprise testing environments, including the ability to reason about EDR/AV behavior, security logs, SIEM visibility, and detection opportunities without relying only on public tools.
• Technical ability to develop, modify, or review offensive tooling using at least one scripting language such as Python or PowerShell and at least one systems or compiled language such as C, C++, C#, Go, or Rust.
• Experience with payload, implant, or agent development in authorized environments, including safe execution controls, error handling, logging awareness, operator control, and post-operation cleanup.
• Deep understanding of Windows enterprise attack paths, including Active Directory, Kerberos, ADCS, delegation, trusts, privileged access, endpoint hardening, and identity-based lateral movement.
• Working knowledge of cloud and SaaS attack paths, especially Microsoft Entra ID/Azure, Google Cloud, Google Workspace, OAuth/application consent, IAM misconfiguration, service accounts, and cloud logging.
• Ability to map operations to MITRE ATT&CK and produce actionable outputs for blue teams, including detection gaps, control weaknesses, attack-path narratives, and remediation recommendations.
• Excellent written and verbal communication skills, with the ability to brief technical operators, SOC analysts, engineering teams, and leadership

Responsibilities

• Plan, scope, and execute authorized red team and adversary emulation operations across enterprise, cloud, identity, endpoint, application, and retail technology environments.
• Conduct realistic initial-access scenarios aligned to approved rules of engagement, including external attack surface testing, phishing simulation, identity abuse, public-facing application exploitation, SaaS/cloud footholds, and other authorized access paths.
• Design, deploy, operate, and safely decommission C2 infrastructure used during approved red team operations.
• Maintain strong operational security practices across tooling, infrastructure, logging exposure, operator behavior, payload safety, engagement deconfliction, and post-operation cleanup.
• Develop, modify, test, and review offensive tooling, payloads, automation, and tradecraft in controlled and authorized environments.
• Conduct endpoint telemetry and evasion research to understand how security controls detect, block, or miss adversary behavior.
• Identify and validate attack paths involving Active Directory, ADCS, Kerberos, privileged access, trust relationships, Microsoft Entra ID, cloud IAM, SaaS platforms, and endpoint controls.
• Partner with Detection Engineering, SOC, Threat Hunting, and Incident Response teams to improve visibility, alerting, response playbooks, and control effectiveness.
• Translate red team findings into clear technical reports, executive summaries, attack narratives, detection gaps, and prioritized remediation recommendations.
• Map adversary behaviors, findings, and emulation plans to common frameworks such as MITRE ATT&CK.
• Support purple team exercises that validate detection logic, response workflows, and defensive control improvements.
• Stay current on adversary tradecraft, offensive security research, cloud and identity attack paths, endpoint security capabilities, and emerging defensive technologies.
• Mentor other offensive security team members and contribute to the development of repeatable methodologies, lab environments, tooling standards, and operational processes.

Benefits

• exceptional benefits and opportunities to grow their skills