Sr. Info Security Specialist

About The Position

Requirements

• 5+ years of experience in red teaming, penetration testing, or offensive security, with demonstrated hands‑on impact
• Bachelor’s degree or equivalent practical experience
• Strong knowledge of attacker tradecraft and TTPs across modern enterprise environments
• Hands‑on experience attacking and evading controls in endpoint, identity, cloud, and hybrid infrastructures
• Working understanding of defensive security technologies, such as EDR, SIEM, identity protection, and cloud security controls
• Experience collaborating in purple team exercises and adapting techniques based on detection feedback
• Ability to independently plan and execute offensive tasks within a defined engagement scope
• Strong written and verbal communication skills, including technical documentation and reporting
• High ethical standards and experience operating within defined rules of engagement
• Candidates must be legally authorized to work in the United States without the need for employer sponsorship now or in the future.

Nice To Haves

• Experience executing threat‑intelligence‑informed adversary emulation, not just vulnerability‑driven testing
• A track record of helping convert red team findings into improved detections or response playbooks
• Strong scripting or automation skills (e.g., Python, PowerShell, Bash) to support tooling and operations
• Familiarity with MITRE ATT&CK for mapping activity and communicating impact
• Experience operating in regulated or large enterprise environments
• Demonstrated ability to mentor junior analysts or contribute to internal training materials
• Curiosity, adaptability, and a continuous improvement mindset

Responsibilities

• Executing adversary emulation and red team engagements aligned to real‑world threat actor techniques and objectives
• Performing hands‑on offensive operations, including initial access, persistence, privilege escalation, lateral movement, and command‑and‑control
• Developing, maintaining, and safely using custom red team tooling, scripts, and techniques
• Working closely with detection and threat hunting teams to validate detections and response effectiveness during red and purple team exercises
• Assisting in the design and execution of assumed breach scenarios and multi‑stage attack chains
• Identifying control gaps, detection blind spots, and architectural weaknesses across enterprise environments
• Supporting incident response teams during complex investigations by providing attacker tradecraft insight
• Producing clear, actionable reporting that translates technical findings into operationally relevant recommendations
• Contributing to the improvement of red team processes, safety controls, and engagement playbooks
• Mentoring junior analysts and contributing to skills development across the security operations team

Benefits

• Fair and competitive salary and incentive compensation packages with an upside for overachievement
• Generous paid time off, including vacation, personal days, sick days and annual community service days
• Health, dental and vision benefits, including access to telemedicine and mental health services
• 2:1 401(k) match, up to 8% match immediately upon hire
• Discounted Employee Stock Purchase Plan
• Tax Savings Accounts for health, dependent and transportation
• Employee referral bonus program
• Volunteer opportunities to help you give back to your communities
• Complimentary lunch, snacks and coffee in any Cboe office
• Paid Tuition assistance and education opportunities
• Generous charitable giving company match
• Paid parental leave and fertility benefits
• On-site gyms and discounts to other fitness centers