Information Security – Offensive Security Analyst

Title: Information Security – Offensive Security Analyst
Location: Deerfield Beach, FL (Hybrid 3/2)
Duration: Direct Hire 
Compensation: $100,000 - $110,000
Work Requirements: , Holders or Authorized to Work in the U.S.

Information Security – Offensive Security Analyst

Description

The ideal candidate is someone with a strong software development or engineering background who is intentionally transitioning into the offensive security space. This role is well-suited for an individual who enjoys building systems, tooling, and automation, and wants to apply those skills to help design, scale, and modernize offensive security capabilities.

Success in this role comes from thinking like both an engineer and an attacker — identifying gaps not just in controls, but in how security capabilities themselves are constructed, integrated, and scaled.

This role is responsible for building and scaling offensive security capabilities through adversary-focused testing, attack simulation, and custom tooling and automation. The analyst will help shift the program from a primarily tool- and vendor-driven model toward a build-first approach, leveraging software engineering, automation, and AI-assisted techniques to increase coverage, depth, and repeatability of offensive security activities.

Responsibilities include but are not limited to

• Conduct offensive security activities including penetration testing, attack simulations, threat-based assessments, and control validation across on-prem, cloud, identity, and SaaS environments.
• Execute and assist in the development of red team and purple team exercises, collaborating with detection and response teams to validate defensive coverage.
• Perform vulnerability and exploitation analysis, including chaining weaknesses to demonstrate real-world attack paths and business risk.
• Identify, validate, and responsibly disclose security weaknesses to stakeholders, providing clear remediation guidance and risk context.
• Design, develop, and maintain custom offensive security tooling (Python, PowerShell, Bash, or similar), including frameworks, reusable modules, and automation that scale testing beyond point-in-time assessments.
• Evaluate when to build versus buy offensive security capabilities, with a bias toward internal tooling where it improves flexibility, visibility, or speed of iteration.
• Incorporate AI-assisted techniques (e.g., automation, chaining analysis, signal prioritization) to increase testing efficiency and analyst leverage
• Contribute documentation such as test reports, playbooks, findings templates, and executive-level summaries.
• Contribute to the long-term architecture of the offensive security program, including shared libraries, testing pipelines, data models, and reporting outputs optimized for reuse and scale.
• Mentor junior analysts and contribute to team knowledge sharing.
• Partner with application and platform engineering teams not only to test systems, but to co-design secure patterns, reference implementations, and reusable testing components.
• Build developer-consumable assets (templates, scripts, sample exploits, safe test harnesses) that enable teams to self-validate security assumptions earlier in the SDLC.
• Provide developer-friendly remediation guidance, proof-of-concepts, and secure coding recommendations that are actionable and aligned to real-world development workflows.
• Support the integration and tuning of security testing tools within CI/CD pipelines, balancing detection depth with developer experience and signal quality.
• Collaborate with Security Engineering and Application teams to improve self-service security capabilities, documentation, and testing patterns that developers can reuse.
• Participate in post-testing debriefs with developers to educate, coach, and improve security outcomes—not just report findings.

Desired Skills

• Hands-on experience with penetration testing, red team, purple team, or adversary emulation activities.
• Strong understanding of Windows, Active Directory, Azure/Entra ID, networking, cloud platforms, and SaaS architectures.
• Experience with common offensive security tools and frameworks (e.g., C2 frameworks, vulnerability scanners, exploit frameworks).
• Knowledge of MITRE ATT&CK, kill chains, and attacker tradecraft.
• Experience validating security controls such as EDR, SIEM, identity protections, email security, and cloud security controls.
• Strong scripting and automation skills; ability to customize or build tools to support testing objectives.
• Ability to translate technical findings into clear risk-based narratives for technical and non-technical audiences.
• Strong analytical, problem-solving, and critical-thinking skills.
• Ability to work independently while collaborating effectively in cross-functional teams.
• High attention to detail with a strong sense of ethics and responsible disclosure.
• Experience working directly with software engineers to remediate vulnerabilities and improve secure development practices.
• Understanding of modern SDLC and CI/CD pipelines, including how security testing fits into developer workflows.
• Familiarity with secure coding practices and common vulnerability classes in modern applications (web, APIs, cloud-native services).
• Ability to communicate security findings in a way that developers can quickly understand, prioritize, and fix.
• Mindset oriented toward enablement over enforcement, with a focus on reducing friction while improving security outcomes.
• Background in software engineering, platform engineering, or SRE, with a desire to specialize in security.
• Experience designing or maintaining production-quality code, not just scripts.
• Comfort working with APIs, data pipelines, CI/CD systems, and cloud-native services as part of security capability development.
• Curiosity and practical interest in applying AI/ML-assisted techniques to security testing, automation, and analysis.

About INSPYR Solutions
 
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients'' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
 
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
 
#IND-TELECOM