Act as a Staff Offensive Security Engineer in Adversary Emulation & Purple Engineering, conducting adversary emulations and scheduled offensive tests to continuously measure, improve, and sustain the effectiveness of prevention, detection, and response.
Define and maintain the Purple Team / Adversary Emulation strategy and roadmap (objectives, scope, rules of engagement, communication, and governance).
Plan and execute regular adversary emulation exercises based on TTPs (MITRE ATT&CK) and threat intelligence, focusing on continuous improvement (detection, response, hardening, and automation).
Develop Adversary Emulation Plans and realistic attack scenarios, prioritized by risk/criticality and aligned with business context.
Perform targeted offensive tests (e.g., exposure validation, controlled exploitation, identity abuse, lateral movement, and simulated exfiltration) in a safe and authorized manner.
Work alongside the CDC (Cyber Defense Center) to validate detection hypotheses, telemetry gaps, alert quality, and response times; support the evolution of playbooks.
Support the Automation Core in automating collection, simulation, instrumentation, and continuous validation (detection-as-code, pipelines, and repeatable tests).
Produce detection engineering artifacts (e.g., Sigma/KQL/SPL rules, correlations, logging requirements) and provide actionable recommendations (mitigations and reconfigurations).
Conduct debrief sessions, lessons learned, evidence documentation, and retests to validate fixes and the evolution of defensive posture.
Define executive and technical metrics and reports (e.g., ATT&CK coverage, detection rate, telemetry gaps, control effectiveness) and monitor action plans.
Provide technical management of vendors and service providers (scope, quality, evidence, SLAs, validation, and acceptance), ensuring adherence to rules of engagement and improvement objectives.
Serve as the technical reference for the function: support its build-out, deliver internal training, and define its standards and best practices.
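The responsibilities above describe a loop (emulate a technique, check whether telemetry arrived and a rule fired, report detection rate and coverage, retest after fixes) without showing what the "repeatable test" in detection-as-code actually looks like. The following is an added example, not code from this page or from any specific team's toolkit: a small harness that replays constructed Sysmon/System-style events for an emulation run through Sigma-style rules written as Python predicates and derives the metrics named in the responsibilities. The rule logic, event fields, technique IDs in the sample run and the metric definitions are illustrative assumptions chosen for this example.

```python
"""Detection-as-code harness (added example): replay constructed telemetry for
emulated ATT&CK techniques through simple rules and derive purple-team metrics."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, object]  # one telemetry record (process creation, service install, ...)


@dataclass
class Rule:
    """Sigma-style detection expressed as a predicate; hypothetical rules for this example."""
    name: str
    technique: str  # ATT&CK technique ID the rule is intended to catch
    match: Callable[[Event], bool]


@dataclass
class EmulationCase:
    """One step of an emulation plan: technique executed and the telemetry collected for it."""
    technique: str
    events: List[Event]


# --- Constructed rules (illustrative, not taken from any published rule set) ---
def lsass_memory_access(e: Event) -> bool:
    # Sysmon EventID 10 (ProcessAccess) against lsass.exe with credential-dump-typical rights
    return (e.get("EventID") == 10
            and str(e.get("TargetImage", "")).lower().endswith("\\lsass.exe")
            and e.get("GrantedAccess") in {"0x1010", "0x1410", "0x1fffff"})


def encoded_powershell(e: Event) -> bool:
    # Sysmon EventID 1 (ProcessCreate): powershell launched with an encoded command
    image = str(e.get("Image", "")).lower()
    cmd = str(e.get("CommandLine", "")).lower()
    return e.get("EventID") == 1 and "powershell" in image and " -enc" in cmd


def psexec_service_install(e: Event) -> bool:
    # System EventID 7045 (service installed) with the default PsExec service name
    return e.get("EventID") == 7045 and str(e.get("ServiceName", "")).upper().startswith("PSEXESVC")


RULES = [
    Rule("lsass_memory_access", "T1003.001", lsass_memory_access),
    Rule("encoded_powershell", "T1059.001", encoded_powershell),
    Rule("psexec_service_install", "T1569.002", psexec_service_install),
]

# --- Constructed emulation run: four techniques, synthetic events (assumed, not real logs) ---
SAMPLE_RUN = [
    EmulationCase("T1003.001", [
        {"EventID": 10, "SourceImage": "C:\\Tools\\dumper.exe",
         "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"},
    ]),
    EmulationCase("T1059.001", [
        {"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
         "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    ]),
    EmulationCase("T1569.002", [
        # Telemetry arrived, but the operator renamed the service: a rule exists and still misses.
        {"EventID": 7045, "ServiceName": "svc-8f2a", "ImagePath": "%SystemRoot%\\svc-8f2a.exe"},
    ]),
    # SMB admin-share use produced no collected events at all: a telemetry gap, not a rule gap.
    EmulationCase("T1021.002", []),
]


def evaluate(cases: List[EmulationCase], rules: List[Rule]) -> List[dict]:
    """Per technique: was telemetry observed, did any rule fire, and which ones."""
    results = []
    for case in cases:
        fired = sorted({r.name for r in rules for ev in case.events if r.match(ev)})
        results.append({"technique": case.technique, "telemetry": bool(case.events),
                        "detected": bool(fired), "rules": fired})
    return results


def metrics(results: List[dict], rules: List[Rule]) -> dict:
    """Executive/technical metrics for one run. ATT&CK coverage here means 'a rule exists for
    the tested technique'; the detection rate is what actually fired, which is the honest number."""
    tested = {res["technique"] for res in results}
    with_rule = {r.technique for r in rules}
    return {
        "tested_techniques": len(tested),
        "detection_rate": sum(res["detected"] for res in results) / len(results),
        "attack_coverage": len(tested & with_rule) / len(tested),
        "telemetry_gaps": sorted(res["technique"] for res in results if not res["telemetry"]),
        "detection_gaps": sorted(res["technique"] for res in results
                                 if res["telemetry"] and not res["detected"]),
    }


if __name__ == "__main__":
    run = evaluate(SAMPLE_RUN, RULES)
    for res in run:
        print(res)
    print(metrics(run, RULES))
```

The two gap lists are the actionable output: a telemetry gap goes to the logging-requirements backlog, a detection gap (telemetry present, rule silent) goes back to detection engineering. Re-running the same cases after the rule or logging fix is the retest; versioning the cases and rules together in a pipeline is what makes the test repeatable rather than a one-off exercise.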
Requirements
Bachelor's degree.
Strong experience in Offensive Security: red team, penetration testing, war games, adversary emulation, and/or purple teaming.
Proven track record conducting Purple Team exercises with effective collaboration between offensive and defensive teams, converting findings into verifiable improvements.
Expertise in MITRE ATT&CK (tactics/techniques/TTPs) and the ability to structure emulation plans and scenarios from threat intelligence reports and collected evidence.
Hands-on knowledge of emulation and post-exploitation tools and techniques in corporate environments (with safety and authorization), plus strong fundamentals in networking, Windows, Linux, and identity.
Experience in detection engineering (rules/queries, correlation, telemetry, and logging) and integration with SIEM/EDR/XDR and automation/SOAR platforms.
Ability to operate with governance: rules of engagement, operational risk management for tests, documentation, evidence handling, and reporting.
Experience managing vendors and service delivery from a technical perspective (defining scope, validating deliverables, and acceptance).