Senior Offensive Security Engineer

Experian

full-time

Posted on:

Location Type: Remote

Location: United Kingdom

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

CloudLinuxPythonRubyTCP/IPUnix

About the role

  • Collaborate with other teams within the Cyber Fusion Centre and the wider organisation. This ensures that we understand and articulate Cyber Risks in a threat-informed manner.
  • Support Offensive Security's engagement at multiple organizational levels, from senior leaders to technical analysts to help improve risk understanding and verify the efficacy of remediation/mitigative actions.
  • Participate in performing physical exploitation, network exploitation and social engineering assessments against authorized targets.
  • Use CyberThreat Intelligence, Offensive Security Research, previous Adversary Simulation (Red Team) findings and internal risk intelligence to develop test cases demonstrating TTP effectiveness against Experian's control environment.
  • Research and stay up to date with the latest cyber threats, attack vectors and attacker methodologies.
  • Develop scripts, tools and methodologies to increase Offensive Security's capabilities and educate other team members around automation and AI.
  • Use MITRE ATT&CK Framework and other structured attack analysis tools to describe and classify attacker methodology and significance.

Requirements

  • Background in offensive security and adversary simulation.
  • Detailed knowledge of global cyber threats and the procedures used by cyber adversaries.
  • Two or more of the following skills:
  • Network penetration testing and manipulation of network infrastructure
  • Web application penetration testing assessments
  • Email, phone, or physical social-engineering assessments
  • Development, extension, or modifying of exploits, shecode or exploit tools
  • Covert physical intrusion
  • Cloud security or penetration testing (any major provider)
  • AI Red Teaming/Testing and usage of Agentic AI for automation.
  • Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN or equivalent experience.
  • Specialist skills: Proficient in attacker tooling, including post-exploitation frameworks and tooling.
  • Proficient in any of following programming languages (C, C++, C#, Python, PowerShell, Bash, or Ruby)
  • Proficient in Social Engineering techniques across OSINT, phishing, vishing and impersonation.
  • Knowledge of current cloud attack methodologies and mitigations.
  • Experience of Windows Operating System architecture and internals and use thereof in an enterprise environment.
  • Core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems
  • Knowledge of IT technologies and methods to secure them i.e. databases, SharePoint, storage area networks and cloud-based storage.
Benefits
  • Great compensation package and discretionary bonus plan
  • Core benefits include pension, bupa healthcare, sharesave scheme and more
  • 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
offensive securityadversary simulationnetwork penetration testingweb application penetration testingsocial engineering assessmentsexploit developmentcloud securityAI Red Teamingprogramming languagesTCP/IP networking
Soft skills
collaborationcommunicationrisk understandingeducationresearch
Certifications
OSCPOSCEOSWEGPENGCIHGWAPTGXPN