Senior Offensive Security Engineer, Red Team at Procter & Gamble Company

Cincinnati, Ohio, United States

Not SpecifiedCompensation

Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

UnknownVisa

Consumer Goods, Information Technology, CybersecurityIndustries

BA or BS degree in Information Security, Cyber Security, Computer Science, or related field (OR 7+ years of relevant experience required in lieu of a degree)
5+ years running offensive or emulation operations in large/complex environments, with demonstrated impact on detections/response
Expertise across 2+ domains: enterprise/web/mobile apps; identity; cloud (AWS/GCP/Azure); network/endpoint; IoT/OT; or directory services
Proven ability to bypass preventative/detective controls and reach mission objectives while maintaining safety and ROE
Strong engineering skills (Python, PowerShell, GO, C++, Web Frameworks); comfort with low-level concepts a plus and familiarity with C2 tradecraft
Deep command of MITRE ATT&CK and threat-informed defense; history partnering with DFIR/SOC and Detection Engineering
Excellent executive and technical communication
Ability to work in Cincinnati, Ohio based office 3 days per week
Preferred
Leadership of purple-team campaigns and incident-driven emulations; closed-loop improvements with measurable KPI movement
Building program metrics/KPIs, standardizing reporting, and integrating with risk governance
Threat-intel integration: actor/campaign analysis, hypothesis generation, and prioritization

Lead end-to-end red team operations aligned to priority threat actors: scenario design, ROE, pre-briefs, execution, and hot-wash/AAR
Support purple-team engagements with DFIR/SOC and Detection Engineering to convert TTPs into durable detections, runbooks, and response improvements with measurable outcomes
Orchestrate assumed-breach campaigns emphasizing evasion and control bypass (EDR/AV, email/web security, identity/conditional access, network segmentation, cloud guardrails)
Perform campaign/TTP research, develop internal PoCs/tooling (e.g., tradecraft to exercise specific controls, lightweight payloads), and steward OPSEC
Produce executive-ready risk narratives and technical reporting (ATT&CK mapping, artifacts, evidence handling) and brief senior leadership
Mentor junior engineers; set standards for craft quality, methodology, and safety
Coordinate multi-party/third-party exercises; manage risk, deconflict with production, and ensure stakeholder alignment
Contribute to operational expansion by researching, prototyping, and developing novel capabilities for offensive use
Contribute to program maturity: metrics/KPIs, roadmap, methodology standardization, control validation cadence, and integration with vulnerability management