[Remote] Offensive Security Engineer (Remote)

Note: The job is a remote job and is open to candidates in USA. Charles Schwab is a company dedicated to transforming the finance industry through innovative technology solutions. They are seeking an Offensive Security Engineer to scope, design, and execute cybersecurity offensive operations, including penetration tests and threat emulation exercises, while collaborating with defensive teams to enhance security posture.

Responsibilities

• Scope, develop and execute penetration tests, purple team assessments and red team exercises
• Design and develop tools, infrastructure and exploits in support of red team operations
• Research and implement assessments based on emerging threats, threat intelligence, and vulnerabilities
• Identify gaps in threat detection, Prevention and response
• Work collaboratively with counterparts in Cyber Defense roles to enhance the firms security posture
• Effectively communicate vulnerabilities, risks and technical findings to stakeholders and work with stakeholders to recommend and validate mitigating controls

Skills

• 5+ years of experience in offensive security, penetration testing or red team role
• Experience with common red team adversary emulation tooling and C2 frameworks
• Advanced knowledge of the tools, tactics, procedures and counter measures
• Experience researching emerging threats and TTP's, developing complementary assessments, and executing those assessments to understand and manage risk and develop appropriate counter measures
• Experience evaluating, reporting and communicating risk at both the technical level (ATT&CK/STRIDE/DREAD) and at an audience appropriate level with stakeholders across the firm
• Experience working with cross-discipline project teams to advance security within the firm
• In-depth experience with one or more of the following cybersecurity disciplines: Endpoint Penetration testing with a focus on bypassing modern EDR controls (across Windows, Mac and Linux), Exploit & Malware Development, Web Application Penetration Testing, Cloud Penetration Testing, AI Red Teaming, and Assessing digital assets and cryptocurrency solutions
• One or more of the following security certifications preferred: Offensive Security Certified Professional OSCP, GIAC Penetration Tester GPEN, GXPN Offensive Security Certified Professional or similar security certification(s)
• BS in Computer Science or equivalent degree/experience desired
• Operational blue team experience

Company Overview

Company H1B Sponsorship