Job Description:
• Proactively identify, test, and mitigate security gaps within the organization’s digital estate.
• Review organizational security policies, standards, and procedures.
• Analyze existing cybersecurity architecture to identify design flaws.
• Collaborate with security architects and engineering teams.
• Design and execute continuous control validation programs.
• Perform proactive exercises and threat hunts to identify failures.
• Simulate real-world attack scenarios to validate controls.
• Translate findings into actionable remediation plans.
• Track and report on Time to Detect and Time to Remediate metrics.
• Serve as the internal subject matter expert on offensive security techniques.
Requirements:
• 8–10 years of hands-on experience in cybersecurity, with a specific focus on penetration testing, threat hunting, or security architecture.
• Proven experience in reviewing and auditing security policies and technical architectures for enterprise environments.
• Experience with Breach and Attack Simulation (BAS) tools (e.g., AttackIQ, Cymulate) or manual emulation frameworks (e.g., Atomic Red Team, MITRE CALDERA).
• Deep understanding of the MITRE ATT&CK framework and how to map specific controls to adversary tactics.
• Proficiency in scripting languages (Python, PowerShell, Bash) for automating hunts and validation tests.
• Strong knowledge of operating system internals (Windows, Linux) and network protocols (TCP/IP, DNS, HTTP/S).
• Familiarity with security control platforms (SIEM, EDR, IDS/IPS, Firewalls) and how to bypass or test them.
• Must hold at least one advanced certification such as OSCP (Offensive Security Certified Professional), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker) Practical, or CompTIA PenTest+.
Benefits:
• Health insurance
• 401(k) matching
• Flexible work hours
• Paid time off
• Remote work options