Offensive Security Specialist - Innovation & Research

Job Description

The Offensive Security Specialist – Innovation & Research is responsible for a dual function: spearheading advanced, impactful offensive security testing engagements and aiding in the organization’s innovative and intellectual property pursuits. This role demands a diverse array of technical proficiency in penetration testing, red teaming, and adversarial simulation, paired with an innovative mindset to craft new tools, strategies, and internal cybersecurity solutions.

This role enhances the organization’s offensive capabilities by identifying vulnerabilities, simulating real-world threats, and fostering ongoing improvement via research, automation, and collaboration within the broader security landscape.

Key Responsibilities:

1. **Offensive Testing and Red Teaming**

  • Design and conduct complex penetration tests, red-team evaluations, and adversary emulation activities across on-premise, cloud, and hybrid infrastructures.
  • Execute detailed security assessments of networks, applications, APIs, endpoints, and industrial systems (IT/OT).
  • Lead threat-driven testing aligned with frameworks like MITRE ATT&CK, TIBER-EU, and NCSC GBEST.
  • Create and execute covert attack paths, privilege escalation sequences, and persistence mechanisms that mimic advanced threat actors.
  • Collaborate with blue-team operations to confirm detections, bolster incident response readiness, and enhance purple-team dynamics.
  • Document findings clearly with an emphasis on technical and business impacts, offering actionable remediation paths.

2. **Research and Innovation**

  • Investigate new offensive strategies, zero-day attack methodologies, and adversarial TTPs to enhance the organization’s security posture.
  • Architect and develop internal offensive tools, automation scripts, and frameworks to improve testing efficacy and precision.
  • Work alongside the Innovation & IP team to convert offensive research results into internal products, prototypes, or reusable frameworks.
  • Examine uses of AI/ML in offensive simulation, exploit detection, and automated threat emulation.
  • Draft internal whitepapers, playbooks, and educational modules to consistently elevate the organization’s offensive security standards.

3. **Inter-Team Collaboration**

  • Engage closely with Threat Intelligence, Blue Team, and Detection Engineering teams to synchronize attack and defense strategies.
  • Provide specialized input in threat modeling, detection logic validation, and testing the effectiveness of security controls.
  • Assist in developing ongoing security validation and breach simulation abilities.
  • Participate in security architecture reviews and red-team preparedness evaluations across significant business platforms.

Required Skills and Qualifications:

**Technical Skills**

  • Proven practical experience in penetration testing and red team engagements across infrastructure, application, cloud, and Active Directory landscapes.
  • Comprehensive understanding of adversarial simulations, attack life cycles, and evasion tactics.
  • Skilled in tools such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, Empire, Covenant, and bespoke offensive frameworks.
  • Proficient in scripting and automation using Python, PowerShell, or Bash.
  • Experience with exploit development, reverse engineering, or the offensive application of AI/ML technologies is advantageous.
  • Awareness of DevSecOps, CI/CD processes, and attack surface management tools is preferred.

**Professional Experience**

  • Generally, 5 to 8 years in offensive security roles, encompassing red teaming or penetration testing within consultancy, MSSP, or in-house security teams.
  • A history of leading or significantly contributing to intricate security testing assignments.
  • Prior engagement in research or tool innovation initiatives that resulted in internal or external IP.
  • Certifications such as OSCP, OSEP, OSWE, CRTO, or equivalent experience are essential; OSED or comparable exploit development certifications are a plus.

**Personal Attributes**

  • A creative, analytical thinker with a systematic approach to problem-solving.
  • Exceptional communication and report-writing skills to translate technical findings into accessible business risk narratives.
  • A collaborative individual capable of operating effectively across various teams and fluid work settings.
  • Self-driven, research-focused, and passionate about continual growth in the field of offensive security.

This position is exclusively available to citizens of the UK, US, Canada, or EU member states, in compliance with contractual stipulations.

Job Requirements

1. Offensive Testing and Red Teaming 

  • Plan and execute complex penetration testing, red-team, and adversary emulation exercises across on-premise, cloud, and hybrid environments. 
  • Perform comprehensive security assessments of networks, applications, APIs, endpoints, and industrial systems (IT/OT). 
  • Conduct threat-led testing aligned with frameworks such as MITRE ATT&CK, TIBER-EU, and NCSC GBEST. 
  • Develop and execute stealthy attack paths, privilege escalation chains, and persistence mechanisms that emulate advanced threat actors. 
  • Collaborate with blue-team functions to validate detections, improve incident response readiness, and enhance purple-team collaboration. 
  • Document findings with clear technical and business impact, providing actionable remediation guidance.

2. Research and Innovation 

  • Research emerging offensive techniques, zero-day attack trends, and adversary TTPs to advance the organisation’s security capability. 
  • Design and develop internal offensive tools, automation scripts, and frameworks to optimise testing efficiency and accuracy. 
  • Collaborate with the Innovation & IP team to translate offensive research outcomes into internal products, proof-of-concepts, or reusable frameworks. 
  • Explore AI/ML applications for offensive simulation, exploit discovery, and automated threat emulation. 
  • Produce internal whitepapers, playbooks, and training modules to continuously uplift the organisation’s offensive security maturity.

3. Cross-Team Collaboration 

  • Work closely with Threat Intelligence, Blue Team, and Detection Engineering to align attack and defence priorities. 
  • Provide expert input into threat modelling, detection logic validation, and security control effectiveness testing. 
  • Support the development of continuous security validation and breach simulation capabilities. 
  • Contribute to security architecture reviews and red-team readiness assessments across key business platforms.

Required Skills and Experience: 

Technical Expertise 

  • Extensive hands-on experience in penetration testing and red-team operations, ideally spanning infrastructure, application, cloud, and Active Directory environments. 
  • Deep understanding of adversarial simulation, attack lifecycle stages, and evasion techniques. 
  • Proficient in tools such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, Empire, Covenant, and custom offensive frameworks. 
  • Strong scripting and automation skills using Python, PowerShell, or Bash. 
  • Working knowledge of exploit development, reverse engineering, or offensive use of AI/ML technologies is a plus. 
  • Familiarity with DevSecOps, CI/CD pipelines, and attack surface management tools is desirable.

Professional Experience 

  • Typically 5–8 years in offensive security, red teaming, or penetration testing roles within consultancy, MSSP, or in-house security functions. 
  • Proven record of leading or significantly contributing to complex security testing engagements. 
  • Prior involvement in research or tool development initiatives that generated internal or external IP. 
  • Relevant certifications such as OSCP, OSEP, OSWE, CRTO, or equivalent experience required; OSED or similar exploit development credentials desirable. 

Soft Skills 

  • Creative, analytical, and methodical mindset with strong problem-solving ability. 
  • Excellent communication and report-writing skills to translate technical findings into clear business risk narratives. 
  • Collaborative and adaptable, capable of working across diverse teams and dynamic environments. 
  • Self-motivated, research-oriented, and passionate about continuous learning in offensive security. 

Nationality Requirement: This position is open exclusively to citizens of the UK, US, Canada, or EU member states, in accordance with contractual obligations.