Lead Offensive Security Engineer

Summary

Join Praetorian, a cybersecurity company, and lead technical execution of challenging offensive security projects focused on Cloud Security. Work alongside top minds in the industry, solving complex security problems for prominent clients. Contribute to novel mitigation strategies and develop comprehensive reports. Mentor other engineers and collaborate with the security community. This role requires extensive cloud security experience, specific certifications, and a passion for cybersecurity. Praetorian offers competitive salaries, equity, learning opportunities, and comprehensive benefits.

Requirements

• Demonstrated passion for cybersecurity
• BS in Computer Science, Engineering, Mathematics, or Physics or equivalent experience
• 5+ years of Cloud Security experience in AWS, Azure and/or GCP
• Understanding of threat models, attack paths and intelligence considerations within the scoping of technical projects
• Ability to write technical reports and present technical findings both internally and externally
• Additional experience in at least 3 of the following: Product Security Testing (Application, Mobile, LLM)
• Network Security Testing and/or Red Team
• Web Application Penetration Testing
• IoT Security (Embedded, Firmware, Wireless)
• Secure Code Review
• Reverse Engineering
• Vulnerability Research/ Exploit Development
• Experience with startup and/or high-tech companies
• Familiarity with container orchestration technologies such as Kubernetes
• OSCP, AWS Security Specialty, Azure Security AZ-500, GCP Pro Security, GCP Pro DevOps, Azure AZ-400, AWS DevOps Pro, CKA, CKS OSCE, OSEE, or OSWE certifications

Responsibilities

• Lead the technical execution of challenging offensive security projects focused on Cloud Security for our customers
• Identify nuanced vulnerabilities in cloud environments
• Develop custom methodologies, payloads, exploits, and tools to ensure project success
• Develop documentation for novel mitigation strategies to emerging or undocumented security risks identified in client environments
• Develop comprehensive reports and presentations for our customers
• Serve as a mentor to other engineers in their technical and professional development
• Collaborate with the security community to develop novel attack techniques, tactics, and procedures (TTPs) through Praetorian’s Security Blog and other forms of community engagement

Preferred Qualifications

• Prior security consulting experience
• Software or web application development experience in multiple languages
• Experience with cutting edge technology stacks and modern security technologies
• Advanced technical knowledge in any of the following: Exploit development beyond Windows and for MacOS X or Linux
• Reverse engineering malware, data obfuscators, or ciphers
• Software maturity models such as OpenSAMM, BSIMM, and SDL
• Identity technologies for Azure AD, Auth0, Firebase, OKTA, or Google Identity
• Secrets management such as Hashicorp Vault and cloud native KMSs
• Containerization technologies such as Docker and registry platforms such as DockerHub, ACR, ECR, & GCR
• Orchestration technologies such as Kubernetes and cluster management platforms such as AKS, EKS, & GKE
• Command and control channel frameworks and deployment
• Automotive security, ICS/SCADA, Network device security, Medical device security, Home automation security, and/or cryptocurrency wallet security
• Hardware RE, software RE, firmware analysis, embedded cryptography, wireless protocols, Software-defined radio, glitching, side-channel analysis, and/or IoT PaaS and similar technologies
• Capture-the-flag, CCDC, CPTC or other security related competitions
• Ranked achievements on testing platforms such as Hack the Box, Tryhackme, Portswigger, Proving Ground and similar
• Pursuit of advanced learning opportunities via security training courses, conferences, personal projects and similar
• Track record in vulnerability research and CVE assignments
• Security community experience via presentations, conference attendance, blogs, white papers and similar
• OSCE, OSEP, OSED, CRTO, cloud certifications and similar
• Ability to travel up to 15% to support client engagements

Benefits

• Competitive salary
• Equity Incentive Plan, offering ownership stakes in the company
• Continuous learning opportunities through our internal Learning & Development (L&D) program, including training, certifications, and conferences to support your career growth
• Recognition and rewards for speaking engagements at industry events and conferences
• Comprehensive health and dental insurance coverage
• Immediate 401(k) matching
• Paid maternity and paternity leave