The Offensive Security Engineer scopes, designs and executes controlled cybersecurity offensive operations, penetration tests and threat adversary emulation exercises to identify vulnerabilities and risks, evaluate the effectiveness of security controls and the incident response process.
The Offensive Security Engineer documents any identified risks, translates technical findings into clear, actionable recommendations and works with stakeholders to identify appropriate mitigating controls to manage any outstanding risk.
The Offensive Security Engineer works closely with counterparts in defensive teams to improve threat detection and response, and with engineering teams to mitigate risk before it's introduced into the environment.
Scope, develop and execute penetration tests, purple team assessments and red team exercises.
Design and develop tools, infrastructure and exploits in support of red team operations.
Research and implement assessments based on emerging threats, threat intelligence, and vulnerabilities.
Identify gaps in threat detection, prevention and response.
Work collaboratively with counterparts in Cyber Defense roles to enhance the firm's security posture.
Effectively communicate vulnerabilities, risks and technical findings to stakeholders and work with stakeholders to recommend and validate mitigating controls.
Requirements
5+ years of experience in offensive security, penetration testing or red team role.
Experience with common red team adversary emulation tooling and C2 frameworks.
Advanced knowledge of the tools, tactics, procedures and countermeasures.
Experience researching emerging threats and TTPs, developing complementary assessments, and executing those assessments to understand and manage risk and develop appropriate countermeasures.
Experience evaluating, reporting and communicating risk at both the technical level (ATT&CK/STRIDE/DREAD) and at an audience-appropriate level with stakeholders across the firm.
Experience working with cross-discipline project teams to advance security within the firm.
In-depth experience with one or more of the following cybersecurity disciplines: Endpoint Penetration Testing with a focus on bypassing modern EDR controls (across Windows, Mac and Linux), Exploit & Malware Development, Web Application Penetration Testing, Cloud Penetration Testing, AI Red Teaming, and Assessing digital assets and cryptocurrency solutions.
Tech Stack
Cloud
Cyber Security
Linux
Benefits
401(k) with company match and Employee stock purchase plan
Paid time for vacation, volunteering, and a 28-day sabbatical after every 5 years of service for eligible positions