RD Saúde

Staff Offensive Security Engineer – Purple Team

full-time

Location Type: Hybrid

Location: São Paulo, Brazil

About the role

  • Act as a Staff Offensive Security Engineer in Adversary Emulation & Purple Engineering, performing adversary emulations and scheduled offensive tests to measure, improve, and continuously sustain the effectiveness of prevention, detection, and response.
  • Define and maintain the Purple Team / Adversary Emulation strategy and roadmap (objectives, scope, rules of engagement, communication, and governance).
  • Plan and execute scheduled adversary emulation exercises based on TTPs (MITRE ATT&CK) and threat intelligence, focusing on continuous improvement (detection, response, hardening, and automation).
  • Develop Adversary Emulation Plans and realistic attack scenarios, prioritized by risk/criticality and aligned with business context.
  • Conduct ad-hoc offensive tests (e.g., exposure validation, controlled exploitation, identity abuse, lateral movement, and simulated exfiltration) in a safe and authorized manner.
  • Work side-by-side with the Cyber Defense Center (CDC) to validate detection hypotheses, telemetry gaps, alert quality, and response times; support the evolution of playbooks.
  • Support the Automation Core in automating collections, simulations, instrumentation, and continuous validation (detection-as-code, pipelines, and repeatable tests).
  • Produce detection engineering artifacts (e.g., Sigma/KQL/SPL rules, correlations, logging requirements) and actionable recommendations (mitigations and reconfigurations).
  • Conduct debrief sessions, lessons learned, evidence recording, and retests to validate fixes and the evolution of the defensive posture.
  • Define metrics and executive/technical reports (e.g., ATT&CK coverage, detection rate, telemetry gaps, control effectiveness) and track action plans.
  • Technical management of vendors and service providers (scope, quality, evidence, SLAs, validation and acceptance), ensuring adherence to rules of engagement and improvement objectives.
  • Act as a technical reference, supporting the foundation of the area, internal training, and the definition of standards and best practices.

Requirements

  • Completed bachelor's degree.
  • Solid experience in Offensive Security: red team, pentest, war games, adversary emulation and/or purple teaming.
  • Proven practice in conducting Purple Team exercises with effective collaboration between offensive and defensive teams, turning findings into verifiable improvements.
  • Mastery of MITRE ATT&CK (tactics/techniques/TTPs) and ability to structure emulation plans and scenarios based on reports and evidence.
  • Practical knowledge of emulation and post-exploitation tools and techniques in corporate environments (with safety and authorization), plus strong fundamentals in networking, Windows/Linux, and identity.
  • Experience in detection engineering (rules/queries, correlation, telemetry and logging) and integration with SIEM/EDR/XDR and automation/SOAR.
  • Ability to operate with governance: rules of engagement, operational risk management of tests, documentation, evidence, and reporting.
  • Experience managing technical vendors and service delivery (defining scope, validating deliverables and acceptance).
  • Certifications: OSCP/OSCE, GXPN/GPEN, GCIH/GCIA, CRTO, and/or MITRE ATT&CK Defender / Purple Teaming.
  • Experience with emulation platforms (MITRE Caldera), Atomic Red Team, and developing automations/scripts (Python/PowerShell).
  • Knowledge of cloud offensive security (Azure/AWS/GCP) and identity attacks (AD/Azure AD/Entra).
  • Experience building a program (templates, cadence, metrics, governance) and executive presentations.

Benefits

  • Profit Sharing (PPR)
  • Medical Insurance
  • Dental Insurance
  • On-site Cafeteria
  • Life Insurance
  • Commuter/Transportation Allowance
  • Pharmacy Benefit
  • Partnerships with Partner Companies
  • Gym Assistance (Wellhub)
  • Holiday Food Basket
  • Career Path
  • Extended Maternity and Paternity Leave

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Offensive Security, adversary emulation, Purple Team exercises, MITRE ATT&CK, detection engineering, networking, Windows, Linux, emulation tools, automation
Soft Skills
collaboration, communication, technical management, documentation, evidence recording, reporting, continuous improvement, training, governance, risk management
Certifications
OSCP, OSCE, GXPN, GPEN, GCIH, GCIA, CRTO, MITRE ATT&CK Defender, Purple Teaming