Senior Offensive Security Engineer / Senior Pentest Expert
Experience: 7+ Years
Team: Offensive Security / Red Team
Role Overview
We are looking for an experienced Offensive Security Engineer to join our offensive security team and lead advanced penetration testing and adversary simulation engagements.
This role involves simulating real-world attackers across enterprise environments, identifying complex security weaknesses, developing exploitation strategies, and helping strengthen the organization's detection and response capabilities.
The ideal candidate is passionate about offensive security, enjoys breaking complex systems, and has deep expertise in areas such as Active Directory exploitation, application security, reverse engineering, and red teaming.
Key Responsibilities
Application Security Testing
- Perform advanced penetration testing of web applications, APIs, and enterprise platforms
- Identify complex vulnerabilities including business logic flaws, access control issues, and authentication weaknesses
- Assess modern application architectures including microservices and API ecosystems
Infrastructure & Enterprise Network Security
- Conduct internal and external penetration testing
- Identify vulnerabilities in enterprise infrastructure and perform privilege escalation and lateral movement
- Evaluate segmentation controls and enterprise attack surfaces
Active Directory Security
- Perform deep assessments of Active Directory environments
- Identify attack paths and domain privilege escalation opportunities
- Simulate attacks such as Kerberoasting, delegation abuse, credential theft, and domain dominance
Red Team Operations
- Execute adversary simulation and red team engagements
- Emulate real-world threat actors using frameworks such as MITRE ATT&CK
- Conduct multi-stage attacks involving initial access, persistence, lateral movement, and data exfiltration
Thick Client & Reverse Engineering
- Assess security of desktop and thick client applications
- Reverse engineer binaries and analyze client-server protocols
- Identify vulnerabilities through dynamic and static analysis
ERP & SAP Security (Optional)
- Perform security testing of enterprise ERP platforms such as SAP
- Identify authorization weaknesses, misconfigurations, and abuse of privileged functionality
Offensive Tool Development
- Develop custom scripts and tooling to support offensive security engagements
- Automate reconnaissance, exploitation, and post-exploitation activities
Reporting & Security Advisory
- Deliver clear, actionable security assessments and risk reports
- Provide technical guidance to engineering teams on remediation strategies
Required Skills
- Strong hands-on experience in penetration testing and offensive security
- Deep understanding of enterprise attack techniques
- Experience performing privilege escalation and post-exploitation
- Strong scripting or programming skills (Python, PowerShell, Bash)
Preferred Certifications
Candidates with the following certifications will be highly regarded:
Offensive Security
- OSCP
- OSEP
- OSWE
- OSED
Red Team / Active Directory
- CRTP
- CRTO
- CARTP
Application Security
- eWPTXv2
- GWAPT
Advanced / Specialized
- GXPN
- OSCE3
Nice to Have
- Experience with SAP security testing
- Experience in cloud security testing (AWS/Azure/GCP)
- Experience in ICS/OT security assessments
- Active participation in security research, bug bounty programs, or open-source tooling
7-10 years96
Get Personalized Job Matches with 1 Click
Job Description
Download ResumeSenior Offensive Security Engineer / Senior Pentest Expert
Experience: 7+ Years
Team: Offensive Security / Red Team
Role Overview
We are looking for an experienced Offensive Security Engineer to join our offensive security team and lead advanced penetration testing and adversary simulation engagements.
This role involves simulating real-world attackers across enterprise environments, identifying complex security weaknesses, developing exploitation strategies, and helping strengthen the organization's detection and response capabilities.
The ideal candidate is passionate about offensive security, enjoys breaking complex systems, and has deep expertise in areas such as Active Directory exploitation, application security, reverse engineering, and red teaming.
Key Responsibilities
Application Security Testing
- Perform advanced penetration testing of web applications, APIs, and enterprise platforms
- Identify complex vulnerabilities including business logic flaws, access control issues, and authentication weaknesses
- Assess modern application architectures including microservices and API ecosystems
Infrastructure & Enterprise Network Security
- Conduct internal and external penetration testing
- Identify vulnerabilities in enterprise infrastructure and perform privilege escalation and lateral movement
- Evaluate segmentation controls and enterprise attack surfaces
Active Directory Security
- Perform deep assessments of Active Directory environments
- Identify attack paths and domain privilege escalation opportunities
- Simulate attacks such as Kerberoasting, delegation abuse, credential theft, and domain dominance
Red Team Operations
- Execute adversary simulation and red team engagements
- Emulate real-world threat actors using frameworks such as MITRE ATT&CK
- Conduct multi-stage attacks involving initial access, persistence, lateral movement, and data exfiltration
Thick Client & Reverse Engineering
- Assess security of desktop and thick client applications
- Reverse engineer binaries and analyze client-server protocols
- Identify vulnerabilities through dynamic and static analysis
ERP & SAP Security (Optional)
- Perform security testing of enterprise ERP platforms such as SAP
- Identify authorization weaknesses, misconfigurations, and abuse of privileged functionality
Offensive Tool Development
- Develop custom scripts and tooling to support offensive security engagements
- Automate reconnaissance, exploitation, and post-exploitation activities
Reporting & Security Advisory
- Deliver clear, actionable security assessments and risk reports
- Provide technical guidance to engineering teams on remediation strategies
Required Skills
- Strong hands-on experience in penetration testing and offensive security
- Deep understanding of enterprise attack techniques
- Experience performing privilege escalation and post-exploitation
- Strong scripting or programming skills (Python, PowerShell, Bash)
Preferred Certifications
Candidates with the following certifications will be highly regarded:
Offensive Security
- OSCP
- OSEP
- OSWE
- OSED
Red Team / Active Directory
- CRTP
- CRTO
- CARTP
Application Security
- eWPTXv2
- GWAPT
Advanced / Specialized
- GXPN
- OSCE3
Nice to Have
- Experience with SAP security testing
- Experience in cloud security testing (AWS/Azure/GCP)
- Experience in ICS/OT security assessments
- Active participation in security research, bug bounty programs, or open-source tooling