Trace3 is hiring a
Sr. Offensive Engineer

Summary

The job is for a Senior Offensive Security Engineer at Trace3, a Transformative IT Authority. The role involves leading offensive security campaigns to improve clients' ability to protect, detect, and respond to cyber threats. The employee will perform penetration testing, develop scripts and tools, conduct IT application testing, and provide recommendations on security measures.

Requirements

• Bachelor’s degree in Engineering in Computer Science or Information Technology or a related technical field; or equivalent related professional experience
• Advanced understanding of one or more Unix/Linux/Mac/Windows operating systems
• 6-8 years' experience in at least three of the following: Red Team penetration test tools such as Kali, ParrotOS, Bloodhound, MetaSploit, BurpSuite, OWASP Zap, etc
• Expert knowledge of tools used for wireless, web application, and network security testing
• Expert knowledge of current web application structure and strong ability to test both modern and older web applications

Responsibilities

• Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party
• Assist in development of internal infrastructure design for research, development, and testing focused on offensive security
• Conducts periodic scans of networks to find and detect vulnerabilities
• Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
• Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients
• Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
• Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems
• Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
• Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach

Preferred Qualifications

• OSCP, OSCE, GXPN, PTX, WPTX, or MASPT certification(s) is a huge plus
• CISSP, CISM, CEH, or THP certification(s) preferred

Benefits

• Comprehensive medical, dental and vision plans for you and your dependents
• 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
• Competitive Compensation
• Training and development programs
• Wellness Program
• Stocked kitchen with snacks and beverages
• Collaborative and cool office culture
• Work-life balance and generous paid time off