Senior Offensive Security Operator

Role: Senior Offensive Security Operator (AI-Driven Penetration Testing)

Location: Fully Remote (US)
Duration: 3-Month Contract (Potential Extension)
Schedule: Monday-Friday, 8:00 AM - 5:00 PM EST (40 hours/week)

About the Role

Our client is seeking a highly skilled Senior Offensive Security Operator to join its Security Research & Innovation (SRI) team within Global Security. This high-impact, automation-first organization focuses on vulnerability management, offensive security operations, security research, and enterprise-scale automation.

The ideal candidate will possess deep offensive security expertise combined with strong experience building AI-powered automation frameworks, autonomous testing systems, and advanced attack simulation capabilities. This role offers the opportunity to proactively identify systemic risks across a complex multi-cloud enterprise environment and drive meaningful security improvements at scale.

Key Responsibilities

Offensive Security Operations (50%)

• Conduct security assessments for mergers, acquisitions, and newly integrated organizations.
• Plan and execute comprehensive penetration testing engagements across:
• Networks
• Web and mobile applications
• Cloud environments
• Social engineering scenarios
• Perform assume-breach exercises against multi-tenant infrastructure to validate tenant isolation and resistance to lateral movement.
• Execute adversary emulation engagements aligned with the MITRE ATT&CK framework, replicating real-world nation-state and cybercriminal tactics.
• Lead purple-team exercises in collaboration with Security Operations Center (SOC) teams.
• Deliver executive-level presentations and technical reports that clearly communicate business risk and remediation priorities.

AI-Powered Offensive Automation (30%)

• Design and develop autonomous security testing frameworks utilizing AI/ML technologies.
• Build AI-assisted reconnaissance, attack surface management, and target enumeration tools using Large Language Models (LLMs) and custom AI agents.
• Develop continuous automated penetration testing pipelines that operate with minimal human intervention.
• Create advanced offensive tooling, including:
• AI-enhanced Command & Control (C2) frameworks
• Payload generation platforms
• Evasion and adaptive attack capabilities
• Integrate offensive security tools with enterprise AI infrastructure, LLM platforms, and MCP servers.
• Automate security findings generation, ticket creation, remediation tracking, and reporting workflows.

Strategic Security Leadership (10%)

• Influence and drive the penetration testing roadmap and technical strategy.
• Identify emerging attack surfaces involving cloud-native applications, AI platforms, and enterprise products.
• Participate in architecture reviews, security initiatives, and incident response activities requiring offensive security expertise.
• Maintain awareness of emerging threats, zero-day vulnerabilities, and evolving adversary techniques.

Research & Innovation (10%)

• Conduct and publish internal research on:
• Novel attack methodologies
• AI-assisted exploitation techniques
• Cloud security assessment practices
• Contribute to shared automation repositories and security tooling libraries.
• Maintain penetration testing infrastructure using Infrastructure-as-Code (IaC) practices.
• Continuously evaluate new offensive security tools, techniques, and industry research.

Required Qualifications

• 4+ years of experience in offensive security, red teaming, penetration testing, or adversary simulation within enterprise environments.
• Deep expertise in at least three of the following areas:
• Network exploitation
• Web application security
• Active Directory attacks
• Cloud infrastructure attacks
• Social engineering
• Physical security assessments
• Strong programming skills in one or more of the following:
• Python
• Go
• C/C++
• Experience developing automated security testing frameworks, pipelines, or offensive security tools.
• Hands-on experience with:
• Kubernetes
• Container security
• Cloud-native attack techniques
• Experience with Command & Control (C2) frameworks and adversary simulation platforms.
• Strong understanding of MITRE ATT&CK and threat emulation methodologies.
• Experience with AI/ML security concepts, including:
• Prompt injection
• Model poisoning
• AI system exploitation
• AI-assisted offensive tooling
• Experience building autonomous security testing agents leveraging LLMs.
• Excellent communication and presentation skills with the ability to communicate technical findings to executive stakeholders.
• Bachelor''s degree in Computer Science, Cybersecurity, Information Security, or equivalent practical experience.

Preferred Qualifications

• Published CVEs, security research papers, blogs, or conference presentations (DEF CON, Black Hat, BSides, etc.).
• Experience securing SaaS and multi-tenant environments handling sensitive business data.
• Offensive security certifications such as:
• OSCP
• OSCE
• OSEP
• CRTO
• GXPN
• Equivalent advanced certifications
• Familiarity with:
• .NET
• Java/Kotlin
• Legacy application security assessments
• Experience utilizing Infrastructure-as-Code technologies such as Terraform or Pulumi to support offensive security operations.