Offensive Security Engineer

Summary

Join Degreed as an Offensive Security Engineer and play a key role in protecting our platform. Lead and execute red team engagements, penetration tests, and threat simulations to identify vulnerabilities. Collaborate with security teams to translate findings into actionable improvements. Validate vulnerabilities, perform testing across various systems, and advise on remediation. Deliver findings that drive measurable risk reduction and contribute to a culture of continuous security improvement. The role requires 3–5 years of experience in offensive security and hands-on experience with offensive tools. Compensation is $150,000 - $185,000, with benefits including a comprehensive package supporting well-being and growth.

Requirements

• 3–5 years of experience in offensive security, penetration testing, or red teaming roles
• Demonstrated ability to exploit systems ethically and communicate technical risk to engineering and business teams
• Hands-on experience with offensive tools such as Cobalt Strike, Metasploit, Burp Suite, or custom-built tools
• Solid understanding of attack chains across cloud (Azure/AWS), infrastructure, endpoints, and APIs
• Familiarity with MITRE ATT&CK, OWASP Top 10, and post-exploitation techniques

Responsibilities

• Red Teaming & Offensive Security Plan and execute offensive assessments, including internal/external pen tests, phishing campaigns, and assumed breach exercises
• Simulate real-world threats using frameworks like MITRE ATT&CK, performing lateral movement, privilege escalation, and safe data access operations
• Build and maintain red team infrastructure, tools, and custom payloads to test and enhance detection and response capabilities
• Vulnerability Validation & Testing Validate vulnerabilities to assess true risk and support prioritized remediation
• Perform manual and automated testing of APIs, cloud environments, apps, and internal systems
• Collaborate with detection engineers to fine-tune alerts and improve visibility into adversarial behaviors
• Security Hardening & Collaboration Identify control gaps and advise infrastructure and DevOps teams on remediation and hardening
• Support purple team exercises and secure architecture reviews with offensive security insights
• Share findings, attack paths, and recommendations through well-documented post-exercise reports
• Performance Expectations Deliver red team findings that drive measurable risk reduction
• Regularly conduct assessments with clear reporting and responsible disclosure
• Partner cross-functionally to strengthen detection, response, and resilience
• Maintain a proactive mindset and contribute to a culture of continuous security improvement

Preferred Qualifications

• Certifications such as OSCP, CRTO, GPEN, or similar red team/pentest credentials
• Experience with scripting and automation (e.g., PowerShell, Python)
• Exposure to threat detection engineering and EDR/XDR technologies (e.g., Defender, SentinelOne, Splunk)
• Participation in bug bounty programs, CTF competitions, or community red teaming engagements
• Knowledge of secure software development practices and DevSecOps concepts

Benefits

• We take care of our people with a comprehensive benefits package designed to support your well-being, growth, and success
• View the full details here: https://px.sequoia.com/globalcompanybenefits
• The total pay range for this role is $150,000 - $185,000
• Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to: skill set, depth of experience, certifications, and specific work location
• Degreed offers flexible work arrangements tailored to each role
• Some positions are fully remote , while others follow a hybrid model for employees near an office