Senior Offensive Security Operator

Role: Senior Offensive Security Operator (AI-Driven Penetration Testing)

Location: Fully Remote (US)

Duration: 3-Month Contract (Potential Extension)

Schedule: Monday-Friday, 8:00 AM - 5:00 PM EST (40 hours/week)

About the Role

Our client is seeking a highly skilled Senior Offensive Security Operator to join its Security Research & Innovation (SRI) team within Global Security. This high-impact, automation-first organization focuses on vulnerability management, offensive security operations, security research, and enterprise-scale automation.

The ideal candidate will possess deep offensive security expertise combined with strong experience building AI-powered automation frameworks, autonomous testing systems, and advanced attack simulation capabilities. This role offers the opportunity to proactively identify systemic risks across a complex multi-cloud enterprise environment and drive meaningful security improvements at scale.

Key Responsibilities

Offensive Security Operations (50%)

- Conduct security assessments for mergers, acquisitions, and newly integrated organizations.

- Plan and execute comprehensive penetration testing engagements across:

- Networks

- Web and mobile applications

- Cloud environments

- Social engineering scenarios

- Perform assume-breach exercises against multi-tenant infrastructure to validate tenant isolation and resistance to lateral movement.

- Execute adversary emulation engagements aligned with the MITRE ATT&CK framework, replicating real-world nation-state and cybercriminal tactics.

- Lead purple-team exercises in collaboration with Security Operations Center (SOC) teams.

- Deliver executive-level presentations and technical reports that clearly communicate business risk and remediation priorities.

AI-Powered Offensive Automation (30%)

- Design and develop autonomous security testing frameworks utilizing AI/ML technologies.

- Build AI-assisted reconnaissance, attack surface management, and target enumeration tools using Large Language Models (LLMs) and custom AI agents.

- Develop continuous automated penetration testing pipelines that operate with minimal human intervention.

- Create advanced offensive tooling, including:

- AI-enhanced Command & Control (C2) frameworks

- Payload generation platforms

- Evasion and adaptive attack capabilities

- Integrate offensive security tools with enterprise AI infrastructure, LLM platforms, and MCP servers.

- Automate security findings generation, ticket creation, remediation tracking, and reporting workflows.

Strategic Security Leadership (10%)

- Influence and drive the penetration testing roadmap and technical strategy.

- Identify emerging attack surfaces involving cloud-native applications, AI platforms, and enterprise products.

- Participate in architecture reviews, security initiatives, and incident response activities requiring offensive security expertise.

- Maintain awareness of emerging threats, zero-day vulnerabilities, and evolving adversary techniques.

Research & Innovation (10%)

- Conduct and publish internal research on:

- Novel attack methodologies

- AI-assisted exploitation techniques

- Cloud security assessment practices

- Contribute to shared automation repositories and security tooling libraries.

- Maintain penetration testing infrastructure using Infrastructure-as-Code (IaC) practices.

- Continuously evaluate new offensive security tools, techniques, and industry research.

Required Qualifications

- 4+ years of experience in offensive security, red teaming, penetration testing, or adversary simulation within enterprise environments.

- Deep expertise in at least three of the following areas:

- Network exploitation

- Web application security

- Active Directory attacks

- Cloud infrastructure attacks

- Social engineering

- Physical security assessments

- Strong programming skills in one or more of the following:

- Python

- Go

- C/C++

- Experience developing automated security testing frameworks, pipelines, or offensive security tools.

- Hands-on experience with:

- Kubernetes

- Container security

- Cloud-native attack techniques

- Experience with Command & Control (C2) frameworks and adversary simulation platforms.

- Strong understanding of MITRE ATT&CK and threat emulation methodologies.

- Experience with AI/ML security concepts, including:

- Prompt injection

- Model poisoning

- AI system exploitation

- AI-assisted offensive tooling

- Experience building autonomous security testing agents leveraging LLMs.

- Excellent communication and presentation skills with the ability to communicate technical findings to executive stakeholders.

- Bachelor''s degree in Computer Science, Cybersecurity, Information Security, or equivalent practical experience.

Preferred Qualifications

- Published CVEs, security research papers, blogs, or conference presentations (DEF CON, Black Hat, BSides, etc.).

- Experience securing SaaS and multi-tenant environments handling sensitive business data.

- Offensive security certifications such as:

- OSCP

- OSCE

- OSEP

- CRTO

- GXPN

- Equivalent advanced certifications

- Familiarity with:

- .NET

- Java/Kotlin

- Legacy application security assessments

- Experience utilizing Infrastructure-as-Code technologies such as Terraform or Pulumi to support offensive security operations.