KeyBank is a financial services company seeking a Senior Offensive Security Engineer to join their Cyber Adversary and Exposure Management team. The role involves simulating advanced persistent threats and improving detection and response capabilities within the organization.
Responsibilities:
- Lead and execute adversary emulation engagements using intelligence-driven threat scenarios aligned with frameworks such as MITRE ATT&CK
- Design and conduct full-scope red team operations, including initial access, lateral movement, privilege escalation, and data exfiltration simulation
- Conduct physical, external/internal, and wireless network assessments, as well as web and mobile application testing
- Perform security assessments across cloud platforms (Google Cloud, Microsoft Azure, AWS) and embedded systems
- Develop and test threat actor emulation tools, tactics, and procedures for the Red Team to employ on-demand in assessments of application, system, and network security controls
- Employ these tools and techniques in the KeyBank environment with minimal supervision
- Partner with the Cyber Threat Intelligence team to ensure Red Team capabilities and tactics accurately reflect the current threat landscape
- Consult with cross-functional teams during project testing phases and architectural design reviews to ensure appropriate security controls are in place to mitigate threats
- Coordinate and monitor third-party penetration testing engagements, ensuring alignment with requirements, effective communication, and timely, accurate reporting
- Generate and publish Red Team metrics and reporting to track program effectiveness and give stakeholders visibility into it
- Lead efforts to track remediation of findings to completion through coordination with application and technology system owners
- Expand the team's capabilities through:
  - Creation of custom tools and automation frameworks
  - Research and development of novel offensive techniques and tradecraft
  - Incorporation of threat actor intelligence into emulation scenarios
  - Delivery of internal presentations and knowledge-sharing sessions
- Collaborate with the Cyber Threat Intelligence team to translate real-world TTPs into emulation plans
- Evaluate the effectiveness of detection and response capabilities across SOC, EDR, SIEM, and other security layers
- Provide detailed post-mortem reports and executive briefings with prioritized recommendations
- Mentor junior team members and contribute to the development of adversarial tradecraft within the team
- Partner with blue teams to conduct purple team exercises and improve detection engineering
- Contribute to the continuous improvement of adversarial emulation methodologies, tooling, and documentation
Requirements:
- Bachelor's degree or equivalent work experience
- 8+ years of experience in Red Team or Penetration Testing roles
- Proficiency with Red Team tools and Command & Control (C2) frameworks
- Strong scripting and programming skills in PowerShell, Python, JavaScript, Bash, Golang or similar languages
- Deep understanding of Windows, Linux, Kali Linux, and macOS operating systems
- Hands-on experience with one or more of the following: Google Cloud, Microsoft Azure, and AWS platforms
- Advanced networking knowledge and experience with attack simulation
- Familiarity with the MITRE ATT&CK framework and adversary TTPs
- Deep understanding of one or more Penetration Testing Methodologies such as PTES, ISECOM, ISSAF, and OSSTMM
- Strong research and reporting skills
- Willingness to travel for on-site assessments
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Offensive Security Experienced Penetration Tester (OSEP)
- Certified Red Team Professional (CRTP)
- GIAC Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAPT)
- CREST Registered Penetration Tester / CBEST Qualifications