- Job Title: Offensive Security/Penetration Tester
- Industry: SaaS
- Duration: 3 months w/ possibility of extension
- Location: Remote
- Target Start Date: 6/22/26
- Openings: 1
Job Description:
Offensive Security/Penetration Tester
Location: Remote
3-month contract
About
The Security Research & Innovation (SRI) team within Global Security is a high-impact, automation-first security organization responsible for vulnerability management, security research, and offensive operations. This team has an exceptional automation culture — all team members build production automation that eliminates manual work at scale.
The Penetration team conducts various styles of external or assume breach exercises, purple team engagements, and offensive security research to identify systemic risks before attackers do. Successful engagements deliver results that lead to executive-level engagement to drive immediate remediation across the enterprise.
Role Summary
We are seeking a Senior Offensive Security Operator to lead and execute penetration team engagements across our client’s multi-cloud enterprise environment or other engagements as needed. This role combines deep technical expertise in offensive security with a strong emphasis on AI-powered automation, autonomous testing frameworks, and scalable attack simulation. You will design and execute complex attack scenarios, develop AI-enhanced offensive tooling, and deliver findings that drive measurable risk reduction across the organization.
Key Responsibilities
Offensive Operations (50%)
- Conduct M&A security assessments for newly acquired companies and integrations
- Plan and execute full-scope penetration team engagements (network, application, cloud, social engineering) against our client’s production and corporate environments
- Conduct assume-breach exercises targeting multi-tenant infrastructure to validate cross-tenant isolation and breakout resistance
- Perform adversary emulation aligned with MITRE ATT&CK framework, simulating nation-state and criminal threat actor TTPs relevant to the HCM/payroll industry
- Execute purple team exercises with the SOC to validate detection coverage and response capabilities
- Deliver executive-level readouts and technical reports that translate offensive findings into business risk language
AI-Powered Offensive Automation (30%)
- Design, build, and maintain autonomous security testing frameworks that leverage AI/ML for vulnerability discovery, exploit chain generation, and attack path analysis
- Develop AI-assisted reconnaissance and target enumeration tools using LLMs (Claude) and custom agents for scalable attack surface analysis
- Build and operate continuous automated penetration teaming pipelines that test defenses without manual intervention
- Create AI-powered C2 frameworks, payload generators, and evasion tools that adapt to defensive controls in real-time
- Integrate offensive tooling with Claude, MCP servers, and enterprise AI infrastructure for AI-assisted security operations
- Develop automation that generates findings, routes tickets, and tracks remediation — reducing the gap between discovery and fix
Strategic Leadership (10%)
- Drive the penetration team's technical strategy and roadmap, identifying high-value targets and emerging attack surfaces (Product, Custom AI, and cloud-native services)
- Represent the penetration team in cross-functional security initiatives, architecture reviews, and incident response when offensive expertise is needed
- Maintain awareness of emerging threats, zero-day vulnerabilities, and adversary tradecraft relevant to clients’ technology stack
Research & Knowledge Sharing (10%)
- Publish internal research on novel attack techniques, AI-assisted exploitation, and cloud security assessment methodology
- Contribute to the team's Claude Code skills store and shared automation repositories
- Develop and maintain penetration team infrastructure (honeypots, C2, phishing platforms) using infrastructure-as-code
- Stay current on offensive security conferences, findings, etc – and incorporate new techniques into operations
Required Qualifications
- 4+ years of experience in offensive security, penetration teaming, or penetration testing in enterprise environments
- Deep expertise in at least 3: network exploitation, web application security, Active Directory attacks, cloud infrastructure attacks, social engineering, physical security
- Strong proficiency in AI, Python, Go, or C/C++ for offensive tool development and automation
- Demonstrated experience building automated security testing tools, frameworks, or pipelines
- Experience with Kubernetes, container security, and cloud-native attack techniques
- Experience with C2 frameworks and adversary simulation platforms
- Knowledge of MITRE ATT&CK framework and adversary emulation methodology
- Experience with AI/ML security — attacking AI systems, prompt injection, model poisoning, or building AI-powered offensive tools
- Experience developing autonomous security testing agents using LLMs
- Excellent written and verbal communication skills — ability to translate technical findings into business risk for executive audiences
- Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience
Preferred Qualifications
- Published CVEs, security research papers, or conference presentations (DEF CON, Black Hat, etc.)
- Experience in SaaS/multi-tenant environments processing sensitive data (HCM, payroll, healthcare, financial)
- OSCP, OSCE, OSEP, CRTO, GXPN, or equivalent offensive security certifications
- Familiarity with .NET, Java/Kotlin, and legacy application security assessment
- Experience building infrastructure-as-code (Terraform, Pulumi) for penetration team operations
Submission Template:
- Candidate Full Name:
- Current Location (City/State):
- Candidate Phone #:
- Candidate Email:
- Rate:
- Notice Period (i.e none, 1 week, 2 weeks’):
- MM/DD birth
- Last 3 SSN
- Why new opportunities?
- Top 2 professional achievements
- List Tech Skills:
- Legally authorized to work in the US (Yes/No):
