Offensive Security Engineer, Penetration Testing
Responsibilities
- Lead defined-scope penetration tests across assigned areas such as websites, services, APIs, infrastructure, cloud environments, networks, IoT devices, mobile applications, and enterprise applications.
- Partner with Intake Management, senior testers, and stakeholders to confirm objectives, access, rules of engagement, test assumptions, and engagement readiness.
- Execute testing activities including reconnaissance, vulnerability discovery, exploitation, evidence collection, reporting, and remediation validation.
- Identify, validate, exploit, and clearly document security vulnerabilities while operating safely within approved scope.
- Validate related vulnerabilities together where appropriate to demonstrate realistic impact within the boundaries of the engagement, escalating complex attack chains as needed.
- Test for control gaps where relevant and document observed weaknesses in preventative or detective controls.
- Investigate and validate Vulnerability Disclosure Program and Bug Bounty findings, escalating complex or high-impact issues as needed.
- Work with engineering, product, cloud, infrastructure, and security teams to explain findings and support practical remediation.
- Use approved scripts, templates, automation, and AI-assisted workflows to support testing efficiency, triage, reporting, and remediation validation.
- Assist with testing AI-enabled applications and integrations for common risks such as prompt injection, sensitive data exposure, insecure tool use, and authorization flaws.
- Produce clear standardized reports with reproduction steps, evidence, impact, affected systems, and remediation guidance.
- Contribute to team knowledge sharing, documentation, test notes, templates, and process feedback.
Job Qualifications
Qualifications (Required):
- Bachelor's degree or equivalent Polish higher education qualification in Information Security, Cybersecurity, Computer Science, or a related field, OR 2+ years of relevant experience in lieu of a degree.
- 2+ years of experience in penetration testing, application security testing, vulnerability validation, offensive security, or related security work.
- Ability to lead defined-scope penetration tests, manage day-to-day execution, document results clearly, and escalate complex, novel, or high-risk issues appropriately.
- Experience identifying, validating, and exploiting weaknesses in 2 or more domains such as web applications, APIs, mobile applications, cloud infrastructure, enterprise applications, databases, networks, servers, IoT devices, identity platforms, directory services, or AI-enabled systems.
- Ability to automate tasks with basic scripts or programs in at least one language such as Python, PowerShell, Bash, Go, C#, JavaScript, or similar.
- Basic Linux command-line experience and familiarity with Windows-based environments.
- Ability to read and understand code well enough to follow application behavior and identify security-relevant logic.
- Basic hands-on experience with at least one major cloud provider such as GCP, AWS, or Azure.
- Adversarial mindset with the ability to think from an attacker's perspective while following rules of engagement and safety guidance.
- Clear written and verbal communication skills with the ability to explain technical findings concisely.
Qualifications (Preferred Skills):
- One or more penetration testing or security certifications such as OSCP, OSWE, GPEN, GXPN, GWAPT, PNPT, eJPT, or similar.
- Experience with CTFs, Bug Bounty programs, Vulnerability Disclosure Programs, coordinated vulnerability research, or public technical write-ups.
- Experience using AI tools to assist with reconnaissance, code review, vulnerability triage, payload development, reporting, or remediation validation.
- Exposure to testing AI-enabled applications, LLM-based systems, AI agents, RAG systems, model integrations, or AI-enabled workflows.
- Experience with mobile, IoT, embedded systems, firmware, reverse engineering, or hardware security testing.
- Exposure to cloud and identity attack paths involving SSO, MFA, OAuth, IAM, secrets exposure, conditional access, or privilege escalation.
- Familiarity with tools such as Burp Suite, Nmap, Metasploit, Frida, Ghidra, IDA, BloodHound, or cloud security testing tools.
- Curiosity, humility, and a desire to improve technical depth, reporting quality, and testing consistency.
Additional Information
Job Location: WARSAW PLANT & GO
Job Description
Are you a person who is passionate about breaking applications, devices, services and/or processes to help protect them against the world's most advanced cyber security adversaries? The Information Security Protect organization at Procter & Gamble is responsible for providing a realistic depiction of threat actor behaviors and scenarios during simulated exercises. We drive improvements to applications and systems, as well as detection and response capabilities, through regular testing of security controls across the enterprise.