We are looking for an Offensive Security Engineer to conduct covert, targetted penetration testing of our organisation's systems through focused threat-based methodologies as a simulated or novel adversary to expose any vulnerability, misconfiguration, lack of security control and inadequate practice/process.
The engineer will have to help design a C2 infrastructure, develop attack vectors, conduct reconnaissance, collect open-source intelligence, develop exploit payloads and system backdoors.
Additionally, it will be required to provide support to the organisation's engineering teams, as well as the Blue Team through Purple Teaming processes, to improve the security of any of the organisation's environments, including infrastructure and applications.
- Passion in identifying and exploiting vulnerabilities
- Experience on using various hacking tools, as well as developing your own
- Knowledge of common operating systems (Windows, Linux, macOS)
- Knowledge of Cloud and DevOps environments
- Knowledge of common networking configurations, load balancing, firewalls, security controls, authentication, cryptography, and common implementation flaws
- Knowledge of evasion techniques of security solutions (AV, EDR, Email and Web security gateways, etc.)
- Excellent written, presentation, verbal communication, and teaching skills
- Bachelors' degree in Computer Science or related field or equivalent practical experience
- Have at least one of the following: OSCP/OSCE/OSEE/OSWE/OSEP/CRT/CCSAS/eCPPT(X)/eWPT(X)/GPEN/GWAPT/GXPN/GCPN/GREM/CRTP/CRTE/PACES/CRTO
- Experience in Red Team engagements and Purple Teaming initiatives would be a strong advantage
- Experience in triaging Bug Bounty reports would be a plus.