
Offensive Security Engineer

Cenhud · Poughkeepsie
Full-time · On-site · Today
Bash · Cloud Security · Documentation · Incident Response · Information Security · Leadership


Benefits

- Competitive compensation
- Medical, dental, and vision insurance
- 401(k) retirement savings plan with substantial company match
- Life and travel insurance
- Tuition assistance
- Wellness reimbursement program
- Paid holidays and vacation

What is an Offensive Security Engineer?

What does an Offensive Security Engineer do?

- Conducts targeted offensive testing activities in support of threat emulation and detection validation across networks, applications, cloud environments, and endpoints
- Executes intelligence‑driven threat emulation exercises that replicate real‑world adversaries, campaigns, and tactics, techniques, and procedures (TTPs)
- Performs vulnerability remediation testing to validate the effectiveness of fixes and compensating controls
- Maps emulated activity to MITRE ATT&CK techniques and tracks detection coverage and gaps
- Develops and maintains custom tools, scripts, and payloads to support testing activities
- Safely exercises adversary techniques to evaluate the effectiveness of security controls and detections
- Partners with blue team, SOC, and engineering teams to test detection and response capabilities
- Implements, maintains, and enhances red team tooling and infrastructure to support penetration testing, adversary emulation, and purple team exercises
- Leads and executes purple team exercises in close coordination with the SOC and Blue Team, sharing findings, techniques, and actionable recommendations to strengthen detection, response, and recovery capabilities
- Assists in tuning and validating security controls, alerts, analytics, and incident response playbooks based on threat emulation outcomes
- Validates security detections across SIEM, EDR, identity, and cloud platforms using repeatable and measurable testing scenarios
- Produces clear, actionable reports detailing emulated adversary behavior, detection gaps, response gaps, and prioritized remediation guidance
- Presents results to technical teams and leadership, translating technical risk into business terms
- Tracks remediation progress and re-tests identified issues
- Stays current on emerging threats, adversary techniques, and offensive security tooling
- Contributes to the development of red team methodologies, frameworks, and documentation
- Supports threat intelligence-driven testing aligned with real-world attack trends
- Consumes and operationalizes threat intelligence to inform adversary selection, scenario design, and testing priorities
- Promotes and raises awareness by educating others about the importance of cybersecurity
- Builds relationships with government and local agencies to promote collaborative information sharing
- Stays updated with the latest cybersecurity trends, threats, and technologies
- Participates in on-call as needed to respond to security incidents outside of regular working hours
- Provides support for storm restoration efforts

What does it take to be an Offensive Security Engineer?

Required:

- Strong knowledge of network, application, and cloud security, including operating systems (Windows and Linux)
- Working knowledge of common offensive security tools, including but not limited to: Metasploit, Cobalt Strike (or equivalents), Burp Suite, Nmap, BloodHound, and CrackMapExec
- Knowledge of vulnerability remediation testing and validating the effectiveness of security controls
- Demonstrated experience collaborating closely with SOC or Blue Team functions to improve detection and incident response maturity
- Ability to develop scripts or tools using Python, PowerShell, Bash, or C#
- Solid understanding

Dental insurance · Vision insurance · 401(k) · Paid time off
