Charles Schwab is a leading financial services firm that empowers employees to make an impact on their careers. The Offensive Security Engineer will scope, design, and execute cybersecurity offensive operations, including penetration tests and threat emulation exercises, to enhance the firm's security posture and manage risks effectively.
Responsibilities:
- Scope, develop and execute penetration tests, purple team assessments and red team exercises
- Design and develop tools, infrastructure and exploits in support of red team operations
- Research and implement assessments based on emerging threats, threat intelligence, and vulnerabilities
- Identify gaps in threat detection, prevention and response
- Work collaboratively with counterparts in Cyber Defense roles to enhance the firm's security posture
- Effectively communicate vulnerabilities, risks and technical findings to stakeholders and work with stakeholders to recommend and validate mitigating controls
Requirements:
- 5+ years of experience in an offensive security, penetration testing or red team role
- Experience with common red team adversary emulation tooling and C2 frameworks
- Advanced knowledge of the tools, tactics, procedures and countermeasures
- Experience researching emerging threats and TTPs, developing complementary assessments, and executing those assessments to understand and manage risk and develop appropriate countermeasures
- Experience evaluating, reporting and communicating risk at both the technical level (ATT&CK/STRIDE/DREAD) and at an audience-appropriate level with stakeholders across the firm
- Experience working with cross-discipline project teams to advance security within the firm
- In-depth experience with one or more of the following cybersecurity disciplines: Endpoint Penetration Testing with a focus on bypassing modern EDR controls (across Windows, Mac and Linux), Exploit & Malware Development, Web Application Penetration Testing, Cloud Penetration Testing, AI Red Teaming, and Assessing digital assets and cryptocurrency solutions
- One or more of the following security certifications preferred: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GXPN Offensive Security Certified Professional or similar security certification(s)
- BS in Computer Science or equivalent degree/experience desired
- Operational blue team experience