Associate Director, Principal Security
About the role
Grade Level (for internal use): 12

The Role: The Principal Security Engineer - Offensive Security is an internal adversarial security practitioner embedded within Enterprise Solutions (ES). The role is responsible for independently testing and validating the security posture of ES applications, data platforms, and supporting cloud infrastructure. This is a hands-on offensive security role, not a compliance or governance function.

The engineer plans and executes red team operations, penetration tests, and adversarial simulations that reflect the techniques, tactics, and procedures of realistic threat actors - across application code, APIs, CI/CD pipelines, AWS infrastructure, multi-tenant platform boundaries, and AI/agentic system components. Working in close partnership with ES product engineering teams, the role provides an independent adversarial perspective on implemented controls and remediations. Findings feed directly into the continuous improvement of security practices across ES engineering and inform risk decisions made by technology and business leadership.

Success is measured by the quality and realism of engagements, the reduction of exploitable risk in production systems, and the degree to which findings drive durable security improvement - not by volume of findings or compliance artefacts.
Responsibilities
Red Team Operations & Penetration Testing
  - Plan and execute red team engagements and penetration tests against web applications, APIs, internal services, and AWS cloud infrastructure, scoped and executed with clear rules of engagement.
  - Simulate realistic attacker TTPs aligned with threat intelligence and frameworks such as MITRE ATT&CK (Enterprise and Cloud), tailored to the organizational threat model.
  - Conduct full-scope assessments covering initial access, lateral movement, privilege escalation, persistence, and data exfiltration across application and cloud environments.
  - Perform cloud-specific attack path analysis including IAM privilege escalation, metadata service abuse, cross-account access, misconfiguration exploitation, and container or serverless escape techniques.
  - Execute CI/CD pipeline attack simulations covering supply chain compromise, secrets exposure, artifact tampering, and pipeline misconfigurations.
  - Assess and exploit vulnerabilities in authentication and authorisation mechanisms, business logic, APIs, and data handling processes.
  - Test multi-tenant platform boundaries to identify cross-tenant data access paths, context confusion, and shared-resource leakage.
  - Assess AI and agentic system components, including prompt injection, tool-call abuse, agent privilege escalation, model output manipulation, and MCP/orchestration layer attack surfaces.
Security Control Validation & Remediation
  - Independently validate the effectiveness of security controls implemented by engineering and platform teams, providing evidence-based assessments rather than checklist verdicts.
  - Re-test remediated vulnerabilities to confirm fixes are effective and do not introduce new risks.
  - Conduct adversarial reviews of proposed security architectures and AI/agentic system designs to identify potential bypasses, trust boundary violations, or design gaps.
  - Challenge security assumptions through realistic attack simulations and communicate the business impact of exploitable gaps clearly.
Vulnerability Assessment & Research
  - Perform application security assessments using structured methodologies including the OWASP Testing Guide, PTES, and emerging guidance for AI/LLM systems such as the OWASP Top 10 for LLMs.
  - Assess AWS and cloud infrastructure through configuration review, privilege analysis, network exposure mapping, and detection gap identification.
  - Assess data layer security including database access controls, ORM injection paths, data-tier privilege abuse, and financial data exfiltration routes.
  - Evaluate secrets management practices across repositories, environment configurations, serverless functions, and managed secrets services.
  - Research emerging attack techniques relevant to the ES technology stack and develop proof-of-concept exploits where appropriate.
  - Contribute to the vulnerability management lifecycle with accurate risk ratings, regulatory exposure context, and practical remediation guidance.
Purple Team Collaboration
  - Partner with Security Operations and Detection Engineering during purple team exercises to evaluate detection coverage and alert quality, producing ATT&CK coverage mapping and detection gap analysis as standard outputs.
  - Develop and share attack playbooks, indicators of compromise (IOCs), and detection recommendations informed by red team findings.
  - Identify and communicate logging and monitoring gaps uncovered during engagements, with specific attention to agentic workflow and API observability blind spots.
Reporting & Communication
  - Produce clear, professional assessment reports documenting attack narratives, findings, supporting evidence, risk ratings, and rem