Offensive Security

Role Overview

We are looking for a
technical Offensive Security (OffSec) professional
with deep expertise in simulating adversary tradecraft. This individual will execute advanced penetration testing, red team engagements, and exploit development to identify and demonstrate risk across enterprise systems, applications, and cloud infrastructure.

Core Responsibilities

• Perform
  end-to-end penetration testing
  of:
• External & internal networks (AD, Kerberos, lateral movement)
• Web applications & APIs (injection, deserialization, authentication bypass)
• Mobile applications (reverse engineering, dynamic analysis, API fuzzing)
• Cloud environments (IAM privilege escalation, misconfig exploitation, persistence mechanisms in AWS/Azure/GCP)
• Conduct
  red team operations
  :
• Initial access: spear-phishing, payload development, maldoc creation
• Post-exploitation: privilege escalation, credential dumping, Kerberos attacks (Pass-the-Hash, Silver/Golden Tickets), domain dominance
• Command & control (C2): configuring and operating frameworks (Cobalt Strike, Mythic, Sliver) with custom OPSEC profiles
• Detection evasion: LOLBins, obfuscation, living-off-the-land, AV/EDR bypass
• Develop
  custom exploits and tooling
  :
• PoC exploits for CVEs and zero-days
• Payloads in Python, C/C++, PowerShell, Go, and Rust
• Automation for reconnaissance, lateral movement, and persistence
• Execute
  adversary emulation
  aligned to
  MITRE ATT&CK
  and
  threat actor TTPs
  .
• Deliver
  technical reporting
  :
• Attack chain diagrams, proof-of-concept exploit code, reproducible steps
• Recommendations mapped to
  NIST 800-53, CIS, OWASP, and cloud benchmarks

Technical Skill Requirements

• Strong in
  network exploitation
  :
• SMB, RDP, Kerberos, LDAP, DNS tunneling, lateral movement
• Proficiency with
  offensive security tools
  :
• Burp Suite Pro, Nmap, Metasploit, Cobalt Strike, BloodHound/SharpHound, Covenant, CrackMapExec, Mimikatz, Responder, Empire
• Cloud attack expertise
  :
• Exploiting misconfigured IAM roles/policies
• Abusing serverless (Lambda, Functions) and storage (S3 buckets, Blob)
• Implementing persistence and privilege escalation in cloud environments
• Reverse engineering & exploit dev
  :
• Disassemblers/debuggers (IDA Pro, Ghidra, x64dbg, WinDbg, OllyDbg)
• Exploit techniques: buffer overflows, ROP chains, format string exploits
• Familiarity with Windows internals and Linux syscall exploitation
• Scripting & programming
  :
• Python, PowerShell, Bash, C, Go, Rust
• Bypass techniques
  :
• EDR evasion, DLL sideloading, reflective injection, AMSI bypass, sandbox evasion

Certifications (Strong Plus)

• OSCP / OSEP / OSCE / OSEE
• CRTO / CRTP / CRTE (Red Team)
• SANS GPEN / GXPN / GREM
• Experience in
  real-world red team ops or bug bounty P1 findings