Offensive Security Engineer

Offensive Security Engineer

Position Overview

Degreed is the upskilling platform that fuels growth and innovation through lifelong learning. We bring together everything you need to learn and advance: LMSs, courses, videos, articles, projects, and real-world skill insights, matching you with opportunities that align with your skills, role, and goals. For businesses, Degreed helps build a culture of learning that attracts, develops, and retains top talent, driving both individual and company success. We believe learning is the key to unlocking opportunities. Our mission is to discover, empower, and celebrate the next generation of global expertise. Join us in shaping the future of learning and workforce development!

As an Offensive Security Engineer, you’ll play a key role in helping Degreed stay ahead of evolving threats. You’ll lead and execute red team engagements, penetration tests, and threat simulations to uncover and validate vulnerabilities across our cloud, application, and infrastructure environments. You’ll collaborate closely with security operations, detection, and engineering teams to translate findings into real improvements, strengthening our defenses and making a measurable impact on how we protect our people, data, and platform.

Key Skills

• 3–5 years of experience in offensive security, penetration testing, or red teaming roles.
• Demonstrated ability to exploit systems ethically and communicate technical risk to engineering and business teams.
• Hands-on experience with offensive tools such as Cobalt Strike, Metasploit, Burp Suite, or custom-built tools.
• Solid understanding of attack chains across cloud (Azure/AWS), infrastructure, endpoints, and APIs.
• Familiarity with MITRE ATT&CK, OWASP Top 10, and post-exploitation techniques.

Nice to Have

• Certifications such as OSCP, CRTO, GPEN, or similar red team/pentest credentials.
• Experience with scripting and automation (e.g., PowerShell, Python).
• Exposure to threat detection engineering and EDR/XDR technologies (e.g., Defender, SentinelOne, Splunk).
• Participation in bug bounty programs, CTF competitions, or community red teaming engagements.
• Knowledge of secure software development practices and DevSecOps concepts.

Key Responsibilities

Red Teaming & Offensive Security

• Plan and execute offensive assessments, including internal/external pen tests, phishing campaigns, and assumed breach exercises.
• Simulate real-world threats using frameworks like MITRE ATT&CK, performing lateral movement, privilege escalation, and safe data access operations.
• Build and maintain red team infrastructure, tools, and custom payloads to test and enhance detection and response capabilities.

Vulnerability Validation & Testing

• Validate vulnerabilities to assess true risk and support prioritized remediation.
• Perform manual and automated testing of APIs, cloud environments, apps, and internal systems.
• Collaborate with detection engineers to fine-tune alerts and improve visibility into adversarial behaviors.

Security Hardening & Collaboration

• Identify control gaps and advise infrastructure and DevOps teams on remediation and hardening.
• Support purple team exercises and secure architecture reviews with offensive security insights.
• Share findings, attack paths, and recommendations through well-documented post-exercise reports.

Performance Expectations

• Deliver red team findings that drive measurable risk reduction.
• Regularly conduct assessments with clear reporting and responsible disclosure.
• Partner cross-functionally to strengthen detection, response, and resilience.
• Maintain a proactive mindset and contribute to a culture of continuous security improvement.

Compensation

We are committed to fair and equitable compensation practices. The total pay range for this role is $150,000 - $185,000. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to: skill set, depth of experience, certifications.

Employment Type

• [Employment Type Not Specified]

Location Type

• [Location Type Not Specified]